Class action lawsuits have been filed against T-Mobile over the recently disclosed data breach that has been confirmed to impact more than 50 million of the company’s customers.
T-Mobile launched an investigation after hackers offered to sell 100 million customer records on the dark web. The carrier’s investigation initially confirmed that nearly 50 million former, current and prospective customers had at least some information compromised. Further analysis revealed that the breach impacted more than 54 million customers.
Compromised information includes names, phone numbers, dates of birth, social security numbers, addresses, driver’s license information, IMEI and IMSI information, and account PINs.
The company has offered two years of free identity protection services to impacted individuals, and highlighted that financial information has not been compromised.
However, it appears that is not enough for some of the affected customers and at least two class action lawsuits have been filed against T-Mobile over the incident.
One of the lawsuits was filed by Morgan & Morgan, Terrell Marshall Law Group, Arnold Law Firm, Mason Lietz & Klinger, and The Consumer Protection Firm in the Western District of Washington, with Stephanie Espanoza, Jonathan Morales and Alex Pygin named as lead plaintiffs.
The lawsuit alleges that T-Mobile “maintained private information in a reckless manner,” which has now resulted in customers being exposed to a high risk of fraud and identity theft.
“Consumers entrust their valuable, personal information to companies with the reasonable expectation that it be kept confidential and secure. T-Mobile, a leading telecommunications company, allegedly failed to fully implement a data security system to protect their customers from cyberattacks,” Morgan & Morgan attorneys said in an emailed statement. “Their alleged reckless actions and inactions have exposed customers to years of constant surveillance of their financial and personal records, monitoring, and loss of rights. We will continue to hold companies accountable and fight to ensure all institutions do more to protect people’s data.”
The second lawsuit, also filed in Washington, names Veera Daruwalla, Michael March, and Lavicieia Sturdivant as the lead plaintiffs. This lawsuit mentions several cybersecurity incidents affecting T-Mobile over the past years in an effort to underscore the company’s repeated failure to protect user data.
“As the target of many data breaches in the past, T-Mobile knew its systems were vulnerable to attack. Yet it failed to implement reasonable security procedures and practices appropriate to the nature of the information to protect its customers’ personal information, yet again putting millions of customers at great risk of scams and identity theft,” the complaint reads.
Related: Class Action Lawsuit Filed Against SolarWinds Over Hack
Related: Class Action Lawsuit Filed Against Marriott Over New Data Breach
Related: British Airways Settles Class Action Over 2018 Data Breach

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users
- Government Shutdown Could Bench 80% of CISA Staff
- Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor
- macOS 14 Sonoma Patches 60 Vulnerabilities
- New GPU Side-Channel Attack Allows Malicious Websites to Steal Data
- Microsoft Adding New Security Features to Windows 11
- Sony Investigating After Hackers Offer to Sell Stolen Data
- 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse
Latest News
- Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Government Shutdown Could Bench 80% of CISA Staff
- Moving From Qualitative to Quantitative Cyber Risk Modeling
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
- Sysdig Launches Realtime Attack Graph for Cloud Environments
- Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor
