Are you eligible for money from T-Mobile’s $350 million data breach settlement?

If you were a T-Mobile customer last year, you could be liable for part of a multi-million dollar settlement. The mobile operator agreed to a $350 million class action settlement after a data breach exposed sensitive information belonging to tens of millions of customers in August 2021.

If approved, the deal will be the second-largest data breach settlement in U.S. history, following Equifax’s $700 million payout in 2019.

T-Mobile — which also agreed to invest $150 million in improving its data security — did not admit any wrongdoing but, in a July 22 statement shared with CNET, said ” Glad to have resolved this consumer class action lawsuit.” ”

“Customers come first in everything we do and protecting their information is a top priority,” he added. “Like any business, we are not immune to these criminal attacks.”

The cyberattack didn’t appear to hurt T-Mobile’s progress: The company expects to add 6 million to 6.3 million new customers this year, leading the industry in subscriber growth over rivals AT&T and Verizon.

Here’s what you need to know about the T-Mobile settlement, including who’s eligible for a payout, how much they might get, and when the money might arrive.

Learn more about the class action lawsuits, find out if you’re eligible for a payout from Facebook’s $90 million settlement or $45 million settlement Roundup weed killer.

What happened in the T-Mobile data breach case?

On August 15, 2021, T-Mobile reported that a cyberattack resulted in the theft of millions of personal details, including names, addresses, dates of birth, social security numbers, driver’s license details and other sensitive information. , including unique codes which individual phones identified.

It’s unclear exactly how many people were hacked and how they were affected: According to court filings, an estimated 76.6 million people had their data exposed, but T-Mobile claimed that only names, addresses and PIN codes of around 850,000 people had been “compromised”.

An individual selling the information on the dark web for 6 bitcoins (about $277,000 at the time) told Vice that they had data on over 100 million people, all compiled from T-Mobile servers.

John Binns, a 21-year-old living in Turkey, eventually took responsibility for the cyberattack, the fifth such attack which has plagued T-Mobile since 2015.

“I was freaking out because I had access to something important,” Binns told the Wall Street Journal. “Their security is terrible.”

The July 24 settlement, filed in the U.S. District Court for the Western District of Missouri, merges at least 44 class action lawsuits alleging T-Mobile was lax on cybersecurity and failed to protect personal information.

How much money could I receive from the settlement?

Class members — in this case, people who were T-Mobile customers in August 2021 — could receive cash payments of $25, Reuters reported, or $100 for California residents.

It could also be a lot less, depending on how many people respond. In addition to paying claims, the $350 million is to be used to pay legal fees and administrative costs. Plaintiffs’ attorneys can charge up to 30% of the settlement, according to court documents.

Separately, certain individuals could receive up to $25,000 to cover losses they suffered as a direct result of the breach.

T-Mobile is also offering two free years of McAfee’s Identity Theft Protection service to anyone who thinks they’ve been a victim.

How do I know if I qualify for a payment from T-Mobile?

T-Mobile has not released full details of its payment plan. Typically, group members are notified that they are eligible by mail. (Full disclosure: This reporter was a T-Mobile customer at the time.)

Read more: How to protect your personal data after a security breach

Customers then have 90 days to submit claim forms or ask to opt out of the settlement and reserve the right to pursue their own separate legal claims, according to court documents.

It could be several months before individuals know if they will receive any settlement money, TechCrunch reported.

T-Mobile Store

After being notified, affected customers will have 90 days to submit claim forms or request to opt out of the settlement.

Jet City Image/CNET

When will payments be made?

Qualifying band members likely won’t see any money until at least 2023.

T-Mobile has 30 days to provide the court with a list of class members, along with their phone numbers and mailing and email addresses, “to the extent possible.”

Once eligible parties are notified, claims can be submitted. Legal fees are deducted and the remaining money is divided among the class members who referred the claims. It could take months.

Moreover, the $350 million payout has only received preliminary approval. It still requires final approval from a judge, which T-Mobile said would come in December at the earliest.

What is T-Mobile doing to protect against future security breaches?

T-Mobile has “doubled down” on its fight against hackers, the company said in its July 22 statement, by bolstering employee training, collaborating with industry experts like Mandiant and Accenture on new protocols, and creating a cybersecurity office that reports directly to the head of the company. general manager, Mike Sievert.

Security reporter Brian Krebs reported in April 2022 that T-Mobile fell victim to the Lapsus$ hacking group.

The hackers accessed employee accounts and attempted to find T-Mobile accounts associated with the Department of Defense and the FBI, TechCruch reported. They were thwarted by secondary authentication checks.

Casey J. Nelson