FAQ
Massive T-Mobile data breaches may have exposed the personal and financial information of millions of people including both customers and consumers who had applied for T-Mobile accounts. A series of data breaches reportedly involved both T-Mobile customers and people who simply applied for accounts but are not customers.
One class action lawsuit involving data breaches in 2021 has been settled but additional breaches may have occurred in 2022 and 2023. People whose data was exposed may be eligible for compensation.
T-Mobile 2021 Data Breach
Cellular communications company, T-Mobile has acknowledged that over 76 million people may have been subject to series of huge data breaches in 2021. Personal and identity information of 76.6 million or more individuals may have been obtained by hackers who apparently accessed the data through a “backdoor” on company servers. The data was reportedly held for “ransom” by hackers
A T-Mobile data breach 2021 class-action lawsuit settlement approval was granted June 29, 2023. Since the 2021 data breach, T-Mobile has faced numerous additional hacker attacks which may have resulted in new data exposure for consumers.
T-Mobile Data Exposed
The company claims in communication with news outlets that “no financial information or debit card information” was exposed. Unfortunately, other information including identification data may leave victims open to identity theft.
This may also increase the chance of “SIM swapping” which occurs when someone is able to switch an individual phone number to another person’s control.
Data that may have been exposed may include:
- Names
- Drivers’ Licenses
- Government identification numbers
- Social Security numbers
- Dates of birth
- T-Mobile PIN numbers
- Phone or SIM card IMEI numbers
- Phone numbers
Exposure of this type of information may enable identity theft to be used in obtaining new credit cards and other financial accounts.
T-Mobile 2021 Hacker Attack
The T-Mobile 2021 hacker attack appears to have involved ransomware. Hackers gain access to company systems through a back door or other vulnerability and install ransomware. This type of program sequesters and locks the company away from their own data, demanding “ransom” be paid in order to restore access. Even if the company pays and regains their own files, consumer data may already have been stolen.
A forum post was identified that claimed a seller may have had information related to millions of people. Tech magazine, Motherboard, claimed to have seen the data and that it appeared to have come from T-Mobile full customer information. The seller was reportedly asking for 6 bitcoin or approximately $270,000 in exchange for a portion of the data.
T-Mobile reported that they closed the backdoor to the server which may have been compromised, leading to the hack, stating:
“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed.”
T-Mobile has offered ID Theft service and other online identity and scam blocking tools and suggested that passwords be changed but a class action lawsuit was filed seeking additional compensation in August 2021.
T-Mobile Response and Settlement Offer
Though T-Mobile included a statement on their website, as a blog posting in the “news” section, the company failed to communicate directly with potential victims until after a class action lawsuit was filed in August 2021. In addition, the company only notified current customers and did not notify former customers or non-customers who had merely applied for a T-Mobile account.
In June of 2023, a settlement offer was granted for members of the class-action lawsuit, but payments have yet to be administered. The company agreed to pay $350 million to customers and to spend $150 million to fortify security.
New T-Mobile Data Breaches
Despite T-Mobile’s claim that security of their systems had been re-established, the company’s customers and others may have been subject to additional data breaches after the 2021 ransomware attack.
Data breaches since August 2021 may have included:
- December 2021 – 200,000 people
- January 2023 – 37 million people
- March 2023 – 836 customers
Previous to 2021, T-Mobile had informed consumers of data breaches in 2018, 2019, and up to five which had occurred in 2020.
If you have been a victim of a T-Mobile Data Breach, you may be eligible for compensation.