T-Mobile is under fire again for the 2021 data breach

T-Mobile is being sued again by Washington state over a 2021 data breach that exposed sensitive information on more than 79 million people. The Verge reports. The court case filed Monday, alleges that T-Mobile has been aware of various security flaws in its systems for years but failed to take any action. As a result, a hacker was able to violate T-Mobile in March 2021 and went unnoticed until August of that year, when an “anonymous cybersecurity threat intelligence firm” told T-Mobile what was going on.

In addition to alleging that T-Mobile knew about these flaws and took inadequate action to correct them, Washington State Attorney General Bob Ferguson also alleged that T-Mobile’s notifications to customers affected by the breach were inadequate and misleading. The text messages were brief and did not reveal the full extent of the breach, only telling customers that debit and credit card information was not exposed, while not mentioning their Social Security numbers and other personal information that was compromised.

The victims of the breach included two million Washington residents. The information from T-Mobile’s databases was later on the dark web for sale to the highest bidder. T-Mobile is even suggested hired a third party to purchase exclusive access to the data.

In more ways than one, this isn’t T-Mobile’s first rodeo. The company was already sued by AG Ferguson over a decade ago for “deceptive” ads. It is also subject to a 2021 breakout. – in particular from 2024.Salt typhoon” attacks on commercial telecommunications companies. T-Mobile says its systems and data were not significantly affected.