Class action lawsuits have been filed against T-Mobile over the recently disclosed data breach that has been confirmed to impact more than 50 million of the company’s customers.
T-Mobile launched an investigation after hackers offered to sell 100 million customer records on the dark web. The carrier’s investigation initially confirmed that nearly 50 million former, current and prospective customers had at least some information compromised. Further analysis revealed that the breach impacted more than 54 million customers.
Compromised information includes names, phone numbers, dates of birth, social security numbers, addresses, driver’s license information, IMEI and IMSI information, and account PINs.
The company has offered two years of free identity protection services to impacted individuals, and highlighted that financial information has not been compromised.
However, it appears that is not enough for some of the affected customers and at least two class action lawsuits have been filed against T-Mobile over the incident.
One of the lawsuits was filed by Morgan & Morgan, Terrell Marshall Law Group, Arnold Law Firm, Mason Lietz & Klinger, and The Consumer Protection Firm in the Western District of Washington, with Stephanie Espanoza, Jonathan Morales and Alex Pygin named as lead plaintiffs.
The lawsuit alleges that T-Mobile “maintained private information in a reckless manner,” which has now resulted in customers being exposed to a high risk of fraud and identity theft.
“Consumers entrust their valuable, personal information to companies with the reasonable expectation that it be kept confidential and secure. T-Mobile, a leading telecommunications company, allegedly failed to fully implement a data security system to protect their customers from cyberattacks,” Morgan & Morgan attorneys said in an emailed statement. “Their alleged reckless actions and inactions have exposed customers to years of constant surveillance of their financial and personal records, monitoring, and loss of rights. We will continue to hold companies accountable and fight to ensure all institutions do more to protect people’s data.”
The second lawsuit, also filed in Washington, names Veera Daruwalla, Michael March, and Lavicieia Sturdivant as the lead plaintiffs. This lawsuit mentions several cybersecurity incidents affecting T-Mobile over the past years in an effort to underscore the company’s repeated failure to protect user data.
“As the target of many data breaches in the past, T-Mobile knew its systems were vulnerable to attack. Yet it failed to implement reasonable security procedures and practices appropriate to the nature of the information to protect its customers’ personal information, yet again putting millions of customers at great risk of scams and identity theft,” the complaint reads.
Related: Class Action Lawsuit Filed Against SolarWinds Over Hack
Related: Class Action Lawsuit Filed Against Marriott Over New Data Breach
Related: British Airways Settles Class Action Over 2018 Data Breach