On January 6, 2025, Washington Attorney General Bob Ferguson filed a lawsuit against T-Mobile, accusing the company of failing to secure the personal data of over 2 million residents in the state. This breach, which occurred in 2021, exposed sensitive information including Social Security numbers, names, and addresses, impacting more than 79 million consumers nationwide. Ferguson alleges that T-Mobile misled consumers regarding its data protection efforts and did not adequately notify those affected, thus violating Washington’s Consumer Protection Act. The lawsuit seeks civil penalties, restitution for affected individuals, and demands improvements to T-Mobile's cybersecurity practices. [682c1790]
This lawsuit comes amid a backdrop of increasing scrutiny on telecommunications companies regarding their data security measures. Recent incidents, such as the AT&T data breach that affected 90 million customers, have heightened concerns about the vulnerability of personal information held by these companies. In that case, hackers stole call and message data over a six-month period, leading to investigations by the Federal Communications Commission (FCC) and the Department of Justice. [29ab1e81]
The T-Mobile breach highlights ongoing issues within the telecom sector, where companies are grappling with the challenges of safeguarding customer data against cyber threats. Ferguson's action against T-Mobile reflects a broader trend of state attorneys general taking a more aggressive stance on consumer protection in the digital age. [682c1790]
As the legal proceedings unfold, T-Mobile has yet to publicly comment on the lawsuit. The company has faced criticism in the past for its handling of customer data and has been urged to enhance its cybersecurity protocols to prevent future breaches. [682c1790]