Class action lawsuits have been filed against T-Mobile over the recently disclosed data breach that has been confirmed to impact more than 50 million of the company’s customers.
T-Mobile launched an investigation after hackers offered to sell 100 million customer records on the dark web. The carrier’s investigation initially confirmed that nearly 50 million former, current and prospective customers had at least some information compromised. Further analysis revealed that the breach impacted more than 54 million customers.
Compromised information includes names, phone numbers, dates of birth, social security numbers, addresses, driver’s license information, IMEI and IMSI information, and account PINs.
The company has offered two years of free identity protection services to impacted individuals, and highlighted that financial information has not been compromised.
However, it appears that is not enough for some of the affected customers and at least two class action lawsuits have been filed against T-Mobile over the incident.
One of the lawsuits was filed by Morgan & Morgan, Terrell Marshall Law Group, Arnold Law Firm, Mason Lietz & Klinger, and The Consumer Protection Firm in the Western District of Washington, with Stephanie Espanoza, Jonathan Morales and Alex Pygin named as lead plaintiffs.
The lawsuit alleges that T-Mobile “maintained private information in a reckless manner,” which has now resulted in customers being exposed to a high risk of fraud and identity theft.
“Consumers entrust their valuable, personal information to companies with the reasonable expectation that it be kept confidential and secure. T-Mobile, a leading telecommunications company, allegedly failed to fully implement a data security system to protect their customers from cyberattacks,” Morgan & Morgan attorneys said in an emailed statement. “Their alleged reckless actions and inactions have exposed customers to years of constant surveillance of their financial and personal records, monitoring, and loss of rights. We will continue to hold companies accountable and fight to ensure all institutions do more to protect people’s data.”
The second lawsuit, also filed in Washington, names Veera Daruwalla, Michael March, and Lavicieia Sturdivant as the lead plaintiffs. This lawsuit mentions several cybersecurity incidents affecting T-Mobile over the past years in an effort to underscore the company’s repeated failure to protect user data.
“As the target of many data breaches in the past, T-Mobile knew its systems were vulnerable to attack. Yet it failed to implement reasonable security procedures and practices appropriate to the nature of the information to protect its customers’ personal information, yet again putting millions of customers at great risk of scams and identity theft,” the complaint reads.
Related: Class Action Lawsuit Filed Against SolarWinds Over Hack
Related: Class Action Lawsuit Filed Against Marriott Over New Data Breach
Related: British Airways Settles Class Action Over 2018 Data Breach

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- Apple Denies Helping US Government Hack Russian iPhones
- Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
Latest News
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
