The company has agreed to pay out $350 million to affected customers as part of multiple class-action lawsuits, as well as investing an additional $150 million in cybersecurity

Back in August 2021, T-Mobile suffered an enormous data breach that saw customers’ personal data stolen by malicious actors. 

AT the time, the operator said that it believed data from around 53 million former, current, and prospective customers had been compromised; since then, following further investigation, T-Mobile has announced that there were in fact 76.6 million customers were affected by the breach.

While the breach did not jeopardise customers’ financial information, T-Mobile warned that various personal details could have been accessed by cybercriminals, such as names, addresses, birth dates, Social Security numbers, and drivers’ licences.

T-Mobile apologised for the breach (though it admitted no wrongdoing) and announced plans to implement greater security measures, but various class-action lawsuits were quickly drawn up, seeking compensation for affected customers.

Now, at the end of last week, T-Mobile has filed preliminary settlement with the US District Court for the Western District of Missouri, saying that it will pay $350 million to customers, as well as investing $150 million in its cybersecurity development in 2022 and 2023.

"Customers are first in everything we do and protecting their information is a top priority," T-Mobile said in a statement on its website. "Like every company, we are not immune to these criminal attacks. Our efforts to guard against them continue and over the past year we have doubled down on our extensive cybersecurity program.”

The settlement is expected to be approved in December at the earliest, due to various appeals and legal processes, according to the Securities and Exchange Commission (SEC).

This is breach is not the only data theft that T-Mobile has suffered in recent years, with additional successful cyberattacks against the operator taking place in 2018 and 2020. 

In fact, cyberattacks have been increasing in volume and severity since the onset of the coronavirus pandemic, which forced millions of people to work from home and left them potentially more vulnerable to cybercrime. Operators, with their vast networks and wealth of private information, are prime targets for these criminals, especially ransomware gangs, with attacks almost doubling in 2021 compared to 2022.  

This cybersecurity arms race between operators and cybercriminals is nothing new, but the scale of this enormous payout for exposed data, combined with increasingly strict security requirements from governments around the world, could see operators more motivated than ever to keep ahead of the curve.

Are operators in the US doing enough to protect customers personal data? Join the operators in discussion on the crucial topic of cybersecurity at the live Connected America conference in 2023