Two class-action lawsuits have been filed against T-Mobile in the wake of a massive data breach that left millions of customers’ personal information exposed.
Overall, at least 47 million people were affected by the data breach. Motherboard first reported the hack, noting that a hacker was selling portions of the data on an underground forum. T-Mobile said it was investigating the claims, but soon confirmed the broad strokes of the data breach.
T-Mobile said the hack impacted various kinds of customers, and the data that was compromised included names, drivers’ licenses and identification information, Social Security numbers, and more.
In a suit filed late last week in the United States District Court for the Western District of Washington, it claims that T-Mobile maintained the personal information in a “reckless manner” that was “vulnerable to cyberattacks.”
“Plaintiffs’ and class members’ identities are now at considerable risk because of Defendant’s negligent conduct since the private information that T-Mobile collected and maintained is now in the hands of data thieves,” the suit reads.
“Plaintiffs now seek compensation under the CCPA and principles of common law negligence, unjust enrichment, breach of implied contract, and breach of confidence, for their damages and those of fellow class members,” the suit reads. “Plaintiffs also seek injunctive relief to ensure that T-Mobile cannot continue to put its customers at risk.”
The suit also notes that T-Mobile has had at least five data breaches over the past three years, citing news stories about them. T-Mobile says it is offering affected customers identity protection services for free over the next two years, a decision that the suit calls “insufficient.”
“As discussed above, the threat of identity theft and fraud from the data breach will extend for many years and cost plaintiffs and the classes significant time and effort,” the suit reads.