T-Mobile has agreed to pay a settlement of $350 million for the August 2021 data breach that affected about 80 million customers. The company said the settlement will cover about 45 combined class-action lawsuits filed nationwide; and that plaintiffs may receive $25 or $100 cash in California, and others receive up to $25,000 to compensate for legal fees.
According to the company, a cyberattack on its resources exposed personal details such as the names, contact addresses, driver’s licenses, emails, birthdays, and Social Security numbers of former and current customers. With the $350 million class-action settlement, affected customers will also get two years of identity theft protection, and T-Mobile will also spend an additional $150 million to upgrade its cybersecurity against future threats.
The telecommunications company said the settlement, which requires the endorsement of a judge, is not an admission of guilt in any way. T-Mobile said the settlement does not represent an admission of liability, wrongdoing, or responsibility and that it does not indicate that it lacks adequate data security. The company expects the payment to be released before December 2022 after a judge approves it.
A 21-year-old American, John Binns, who left the country and relocated to Turkey a few years prior to the massive data breach, said he was responsible for the cyberattack, according to information published by The Wall Street Journal.
T-Mobile is headquartered in Bellevue, Washington, and the preliminary settlement was filed at a federal court in Kansas City, Missouri. With about 102 million American customers, T-Mobile acquired Sprint in 2020 and this solidified its position as one of the largest cellphone service providers in the United States, rivaled by AT&T and Verizon.
The telecom provider said it looks forward to about $400 million in pre-tax earnings in this second quarter, and that the class-action settlement will gulp the majority of the revenue.