T-Mobile has to answer to the court for the large-scale data breach that recently took place. The provider has received two so-called class-action lawsuits. The company is accused, among other things, of having done insufficient to protect the personal data of customers against hackers.
Last week, a hacker offered customer details of tens of millions of U.S. T-Mobile customers on a dark web hacker forum. In their own words, it concerned names, addresses, IMEI numbers, driving licenses and social security numbers. For the entire data set, the seller asked for six bitcoins, excluding nearly a quarter of a million dollars.
In a response to Motherboard, T-Mobile said it would investigate the matter. “We are aware of claims made in an underground forum and are currently investigating their validity. We have no additional information to share at this time,” a company spokesperson said.
The provider promised to notify all victims as soon as it had “a more complete and verified understanding” of the extent of the data breach. Initially, T-Mobile reported that the data of more than 48 million customers had ended up on the street. Later, the telecom company corrected this and adjusted the number of victims to 54.8 million. In addition to name and address details, identity details were also stolen from nearly 8 million customers.
Finally, T-Mobile reported that the perpetrators had also stolen IMEI and IMSI numbers. The International Mobile Equipment Identity or IMEI number is a number that can be used to identify a smartphone. When reporting the theft, the police will ask for this number. The International Mobile Subscriber Identity or IMSI number is an identification number that allows carriers to identify specific network users.
However, the story gets a legal tail. Fox Business reports that two class-action lawsuits have been filed against T-Mobile. The first lawsuit revolves around the risks that victims run because their data is now out on the street. In the indictment, the plaintiff alleges that scammers can abuse in all kinds of ways. Fraudsters can apply for benefits, take out loans, renew driving licenses with false data and fraud with income tax. Victims face “significant risks” because T-Mobile was negligent in protecting this data.
The second mass claim claims that victims have now spent more than a thousand hours dealing with the privacy risks of the data breach. Victims have spent this time checking statements for unexplained payment transactions and purchases and other suspicious activity.
“T-Mobile knew its systems were vulnerable to attacks. However, it failed to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect its customers’ personal data. As a result, millions of customers are once again at high risk of fraud and identity theft. Customers expected and deserved better from the country’s second-largest provider,” the indictment reads.
The plaintiffs want the court to award damages to the victims, including compensation for the time they invested in avoiding the consequences of the data breach. In addition, they demand that the judge takes measures against the telecom company. T-Mobile must increase the security of its systems, carry out annual audits to check the systems and no longer store personal data in the cloud.
T-Mobile has not responded to the plaintiffs’ demands.
Catch up on more articles here
Follow us on Twitter here