Image: © Birgit Reitz-Hofmann/Stock.adobe.com
Attorney general Bob Ferguson alleges that the company’s data breaches were ‘entirely avoidable’.
US wireless network operator T-Mobile is being sued by the US state of Washington over data breach failures dating back to 2021.
Specifically, the case originates from a data breach incident which occurred in March 2021, but went undetected for six months. Later that year, in August, T-Mobile admitted that malicious actors managed to enter its corporate network and gained access to the sensitive information of 79m people nationwide, with some information ending up on the dark web.
The lawsuit has been filed by attorney general Bob Ferguson in Seattle, who is seeking for the company to be reprimanded for failing to adequately secure the personal information of more than 2m Washington residents.
According to Ferguson’s office, the lawsuit, which has been filed in King County Superior Court, alleges that T-Mobile knew for years about certain cybersecurity vulnerabilities, but did not do enough to adequately address them.
It also alleges that T-Mobile misrepresented to consumers that it prioritises protecting the personal data it collects. In addition, Ferguson’s lawsuit claims that T-Mobile downplayed the severity of the data breach.
Ferguson alleged that the 2021 data breach “was entirely avoidable”.
“T-Mobile had years to fix key vulnerabilities in its cybersecurity systems, and it failed,” he added.
The lawsuit asserts that T-Mobile’s alleged failures violated Washington’s Consumer Protection Act and seeks civil penalties and restitution for the Washingtonians harmed, in addition to injunctive relief to require improvements to T-Mobile’s cybersecurity procedures and policies.
Cybersecurity controversies surrounding T-Mobile
T-Mobile has faced significant scrutiny over its cybersecurity capabilities over the years.
Last November, T-Mobile was compromised by the black hat hacking group known as Salt Typhoon. However, the telecommunications firm said at the time that no customer data was accessed as part of this breach.
And last October, T-Mobile reached a settlement with the Federal Communications Commission to pay a penalty of $15.75m to the US Treasury in relation to multiple data breaches affecting tens of millions of users over the years.
As part of the settlement the organisation must also invest $15.75m to strengthen its cybersecurity infrastructure.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
