If you were one of the nearly 77 million people affected by T-Mobile’s breach last year, you might have a few bucks up for grabs. The company just announced the terms of a settlement in a consolidated class action lawsuit, and it’s not cheap: $350 million to be split among clients (and attorneys), plus $150 million dollars “for data security and related technology”. Let this be a lesson to all businesses: if you stay prepared, you don’t have to spend $150 million getting ready!
The breach apparently happened early last year, after which collections of T-Mobile customer data were put up for sale on various criminal forums. Estimates of the number of people affected varied, with T-Mobile saying less than a million had fully exposed accounts and PINs (still not great), and somewhere between 40 and 100 million total users with some data. taken.
The settlement, described in an SEC filing and court filing (PDF) first spotted by Geekwire, does not appear to have separate terms for those affected differently by the hack – but it could have been addressed separately for everything we know. For now, the class defined by the settlement document is “the approximately 76.6 million U.S. residents identified by T-Mobile whose information was compromised in the data breach,” with a bit more legalese to add. Californians, where class actions are handled slightly differently.
As is common in these giant lawsuits, the lawyers take a huge bite out and then the company has to alert class members who owe them money, so you can expect a postcard if you were a client of T -Mobile in August 2021 (in the interest of full disclosure, I was). Then the money is distributed based on how many people respond and how much the lawyers take. Final settlement terms could be approved as early as December.
Chances are you can’t even cover a single monthly cell phone bill with what you get, but these days a check for $9 can be the difference between “dinner” and “no dinner.” ‘for a number of people, so don’t scoff at these small sums – except it’s kind of insulting to have five serious offenses in as many years and all customers getting enough to order off the value menu .
The company, which merged with Sprint just before the breach, said in its SEC filing that it would spend $150 million on improving its security, so maybe it’s taking it seriously now. I guess we will find out soon.