Current and former T-Mobile customers may be eligible for part of a mammoth $350 million settlement stemming from a 2021 cyberattack.
A class action suit filed in Missouri merged at least 44 separate complaints about the breach, which exposed millions of users’ addresses, PINs and other personal information.
If the deal is approved, it will be the second-largest data breach payout in US history, following Equifax’s $700 million settlement in 2019. In addition to cash payments to affected customers, T-Mobile has agreed to invest $150 million in improving data security.
T-Mobile hasn’t acknowledged any wrongdoing. In a statement shared with CNET, the company said it was “pleased to have resolved this consumer class action filing.”
“Customers are first in everything we do and protecting their information is a top priority,” a representative. “Like every company, we are not immune to these criminal attacks.”
Here’s what you need to know about the T-Mobile data breach, including how to find out if you’re eligible for payment, how much you might get and the deadline to file a claim.
For more on class action suits, find out if you qualify for Smashburger’s $5 million false-advertising payout or Robinhood’s $20 million data breach settlement.
What happened in the T-Mobile data breach case?
On Aug. 15, 2021, T-Mobile reported that a cyberattack had led to the theft of millions of people’s personal information.
Exactly how many people were hacked and how they were impacted isn’t clear: T-Mobile has said that only about 850,000 people’s names, addresses and PINs were “compromised.”
According to court filings, however, approximately 76.6 million people had their data exposed. And an individual selling the information on the dark web for six bitcoin (approximately $277,000 at the time) told Vice they had data relating to more than 100 million people, all compiled from T-Mobile servers.
John Binns, a 21-year-old living in Turkey, eventually took responsibility for the breach, the fifth such attack on T-Mobile since 2015.
“I was panicking because I had access to something big,” Binns told The Wall Street Journal. “Their security is awful.”
Who is eligible for money in the T-Mobile settlement?
T-Mobile has identified 76 million US residents whose information was compromised in the data breach.
Class members were notified of the proposed settlement by mail, but you can confirm your status by emailing the Settlement Administrator or calling 833-512-2314.
How much money could I receive?
Current and former T-Mobile customers are eligible for a $25 cash payment, according to the settlement website. California residents are entitled to $100.
You can be reimbursed up to $25,000 if you had to spend time or money to recover from fraud or identity theft relating to the breach, though you must submit extensive documentation supporting your claim.
T-Mobile is also offering two free years of McAfee’s ID Theft Protection Service to anyone who believes they may have been a victim of the hack.
When’s the deadline to file a claim?
The deadline to file a claim through the class-action website is Jan. 23, 2023. You can also mail a completed print claim form to:
T-Mobile Data Breach Settlement
c/o Kroll Settlement Administration LLC
P.O. Box 225391 New York, NY 10150-5391
The deadline to object to the settlement or be excluded from it is Dec. 8, 2022.
When will T-Mobile send out checks?
A final approval hearing for the settlement has been scheduled for Jan. 20, 2023. Payments are typically sent out within 90 days of settlements being approved, though appeals could slow down the process.
What’s T-Mobile doing to protect against more data breaches?
T-Mobile has “doubled-down” on fighting hackers, the company said in its July 22 statement. It is boosting employee training, collaborating on new protocols with industry experts like Mandiant and Accenture and creating a cybersecurity office that reports directly to CEO Mike Sievert.
T-Mobile also fell prey to the hacker ring Lapsus$ in March 2022, security journalist Brian Krebs reported.
Hackers accessed employee accounts and attempted to find T-Mobile accounts associated with the Department of Defense and FBI, TechCrunch reported, but they were thwarted by secondary authentication checks.
Read more: How to Protect Your Personal Data After a Security Breach