2023 T-Mobile Data Breach Sparks Class Action Lawsuit

New to ClassAction.org? Read our Newswire Disclaimer

T-Mobile faces a proposed class action that alleges it failed to exercise “reasonable care” in safeguarding the sensitive private information of millions of consumers from a widespread data breach announced by the carrier around January 20. 

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here. 

The 34-page lawsuit out of California says the sensitive, “unencrypted and unredacted” names, birth dates, and contact and demographic details of an estimated 37 million T-Mobile customers are believed to have been compromised in the data breach, which came to light only months after the company settled class action litigation over a 2021 data breach for $350 million. 

The suit says T-Mobile first notified victims of the latest incident on or around January 20. In particular, the data compromised in the hack belonged to individuals whose information was stored on T-Mobile servers across multiple states, the filing relays.

“In this era of frequent data security attacks and data breaches, particularly in the technology industry, Defendant’s failures leading to the Data Breach are particularly egregious, as this Data Breach was highly foreseeable,” the complaint states, placing blame for the incident on T-Mobile’s “negligent and/or careless acts and omissions.” 

As a result of the 2023 T-Mobile data breach, victims have incurred damages ranging from invasion of privacy and identity theft mitigation costs to the “deprivation of value” of their personal information, among other harms, the suit stresses. 

T-Mobile announced last week that a “bad actor” had stolen the personal information of roughly 37 million customers in November 2022, the case relays. In a Securities and Exchange Commission filing, the company stated that it discovered the hack on January 5, specifying that the “bad actor was obtaining data through a single Application Programming Interface,” the suit reads. 

According to the lawsuit, T-Mobile did not have in place cybersecurity procedures and practices that were appropriate enough in light of the sensitive, personalized information in its care. 

“Defendant could have prevented this Data Breach by properly encrypting or otherwise implementing policies, procedures and computer data security programs that provided the level of protection reasonably necessary for a company of this sophistication and the custodian of large amounts of [personally identifiable information].” 

To date, the case says, T-Mobile has done “little” to protect consumers, or compensate them for damages related to the latest data breach. 

The lawsuit looks to cover all United States residents whose personally identifiable information was compromised in the data breach announced by T-Mobile in January 2023. 

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.