US state sues T-Mobile over 2021 data breach which leaked data of millions

News
By
published

Washington state is taking action against telco giant

Data Breach
Image Credit: Shutterstock (Image credit: Shutterstock)
  • A 2021 T-Mobile data leak exposed millions of customer's data
  • Washington State is now suing the telecoms giant
  • The suit alleges that T-Mobile failed to protect and notify customers

The US state of Washington is taking legal action against telecommunications giant T-Mobile over consumer protections failures following a 2021 data breach which exposed up to 79 million consumers worldwide, including the social security numbers of almost 184,000 customers in the state.

As part of Washington’s lawsuit, the state claims T-Mobile failed to ‘adequately secure sensitive personal information of more than 2 million Washingtonians’. This failure, the state claims, left those consumers vulnerable to fraud and identity theft.

The suit claims that the breach was ‘entirely avoidable’ and explains T-Mobile had years to fix key vulnerabilities in its cybersecurity systems, and failed to properly address them. A lack of security monitoring meant T-Mobile was unaware of the breach.

T-Mobile customers mislead

The suit alleges T-Mobile deliberately downplayed the severity of the breach to affected consumers, and omitted critical information, which in turn affected customer’s ability to ‘adequately assess their risk of identity theft or fraud’.

The firm sent out texts to affected customers, but failed to include legally required information. Customers who didn’t have their card details or social security numbers compromised were informed of such, but those who did, weren’t given any information about the exposure.

According to the suit, T-Mobile used ‘weak credentials’ and an ‘easily guessable username and password’, and the exposed data appeared for sale on the dark web almost immediately after it was stolen.

T-Mobile has recently agreed to pay an over $15 million penalty to the FCC as part of a settlement deal following a string of high-profile data breaches between 2021 and 2023. The company was also ordered to make significant changes to its cybersecurity infrastructure, and adopt more robust identity and access management frameworks.

You might also like

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

Read more
Outdoor photograph of a pair of hands holding a smartphone with navigator location points in the background
Millions of phone location records feared leaked as one of the biggest data leaks ever may be a whole lot worse
Security padlock and circuit board to protect data
Mexican fintech company Miio exposed millions of files of sensitive customer data
PayPal
PayPal fined by New York for cybersecurity failures
Cartoon Phishing
One of the largest data leaks ever sees info on 1.5 billion people leaked online
Illustration of a thief escaping with a white fingerprint
5 massive privacy scandals that rocked the world – and made millions of victims
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
Latest in Pro
China
Chinese hackers who targeted key US infrastructure charged by Justice Department
Concept art representing cybersecurity principles
What businesses need for modern third-party risk management
linkedin
Watch out - that LinkedIn email could be a fake, laden with malware
An American flag flying outside the US Capitol building against a blue sky
Mass federal layoffs will have “devastating impact on cybersecurity, former NSA cybersecurity director warns
A hand reaching out to touch a futuristic rendering of an AI processor.
North Korean fake job hackers are going the extra mile to make sure their scams seem legit
Half man, half AI.
How finance teams can avoid falling behind in the AI race
Latest in News
Apple MacBook Air M3
The M3 MacBook Air is officially discontinued, but the M2 MacBook Air will live on elsewhere and that's good news
Stock photographs of people smiling and looking at laptops in a small business environment.
This web hosting platform elevates your online presence
The Samsung Galaxy S25 Edge on display at Galaxy Unpacked
Exclusive: the Samsung Galaxy S25 Edge will have durability to match its ‘sexy’ form
Metaphor: ReFantazio
Sega was Metacritic's highest-rated publisher of 2024 thanks to the critically acclaimed Metaphor: ReFantazio and Like a Dragon: Infinite Wealth
AirPods Pro Review
Apple has quietly updated its guidance on how to clean your AirPods, and suggests you buy a kit… from Belkin
China
Chinese hackers who targeted key US infrastructure charged by Justice Department
More about pro
Micron PCIe 6.x SSD

Micron just demoed the world's fastest SSD with PCIe 6.x tech, a sequential read speed of 27GB/s, and yes, it's just a prototype for now
Macrodock M1 docking station

This cute docking station has LCD macro keys and can even power an 8K monitor - but what nailed it are the rotary knobs
Apple MacBook Air M3

The M3 MacBook Air is officially discontinued, but the M2 MacBook Air will live on elsewhere and that's good news
See more latest
Most Popular
Apple MacBook Air M3
The M3 MacBook Air is officially discontinued, but the M2 MacBook Air will live on elsewhere and that's good news
Micron PCIe 6.x SSD
Micron just demoed the world's fastest SSD with PCIe 6.x tech, a sequential read speed of 27GB/s, and yes, it's just a prototype for now
Xiaomi SU7
Xiaomi's EV is racing ahead of Tesla in China – and it's planning a global Model Y rival next
Macrodock M1 docking station
This cute docking station has LCD macro keys and can even power an 8K monitor - but what nailed it are the rotary knobs
linkedin
Watch out - that LinkedIn email could be a fake, laden with malware
The Mound: Omen of Cthulhu
Ace Team announces The Mound: Omen of Cthulhu, a new first-person horror co-op coming to PS5, Xbox Series X, and PC this year
Styx: Blades of Greed
Styx the goblin returns in Styx: Blades of Greed later this year
Robocop: Rogue City
RoboCop: Rogue City's new standalone expansion Unfinished Business announced at Nacon Connect 2025
Cthulhu: The Cosmic Abyss
Cthulhu: The Cosmic Abyss is a new first-person thriller from the studio behind Vampire: The Masquerade - Swansong
RISC-V
Startup formed by former Intel engineers and backed by AMD legendary chip designer wants to become the Arm of RISC-V