T-Mobile Facing Another Lawsuit Over 2021 Data Breach - MacRumorsOpen MenuShow RoundupsShow Forums menuVisit ForumsOpen Sidebar
Skip to Content

T-Mobile Facing Another Lawsuit Over 2021 Data Breach

T-Mobile has been sued a second time over a 2021 data breach that impacted 80 million T-Mobile users. The consumer protection lawsuit comes from Washington State Attorney General Bob Ferguson, who says that T-Mobile had years to "fix key vulnerabilities" that could have prevented the data breach.

T Mobile Generic Feature Pink 1
According to Ferguson, T-Mobile knew that its systems had certain cybersecurity vulnerabilities, and the company did not do enough to address them. T-Mobile is also accused of misleading customers about its security practices, not notifying Washingtonians of the data breach in a timely matter, and downplaying the severity of the breach.

For years prior to August 2021, T-Mobile did not meet industry standards for cybersecurity and knew about these vulnerabilities. These included insufficient processes for identifying and addressing security threats and a systemic lack of oversight. In some cases, T-Mobile used obvious passwords to protect accounts that had access to customers' sensitive personal information. The 2021 breach was enabled, in part, when the hacker guessed obvious credentials to gain access to T-Mobile's internal databases.

T-Mobile's systems were breached in March 2021, but T-Mobile did not learn of the attack until August 2021. Hackers were able to obtain names, phone numbers, addresses, birth dates, social security numbers, driver's license and ID info, IMEI numbers, and IMSI numbers from T-Mobile customers, and that data was sold.

The hacker behind the attack said that T-Mobile's security was "awful" and that the breach occurred when an unprotected T-Mobile router was discovered, which led to access of T-Mobile's Washington data center.

T-Mobile apologized for the data breach and promised to prevent a future attack by establishing long-term partnerships with cybersecurity experts.

The lawsuit is seeking restitution for Washingtonians that were harmed in the data breach, along with injunctive relief to require improvements to T-Mobile's cybersecurity practices.

T-Mobile already paid $350 million to settle a class action lawsuit over the data breach in 2022, and it was fined $60 million by the Committee on Foreign Investment in the US (CFIUS) for failing to prevent or disclose unauthorized access to sensitive customer data.

Popular Stories

T Mobile Generic Feature Pink 1

T-Mobile Automatically Moving Legacy Plan Customers to New Plans

Monday June 29, 2026 4:46 pm PDT by
Some T-Mobile customers with legacy phone plans are being upgraded to newer T-Mobile plans automatically, reports CNET. The company has been sending out notifications to customers with older plans, letting them know that they're going to be transferred to a current plan. Customers being pushed to a new plan could get an automatic bill increase. The carrier plans to move customers to...
iCloud iPhone 17 Pro

iPhone Users Who Pay for iCloud Storage Get Two New Perks on iOS 27

Thursday July 2, 2026 6:10 am PDT by
If you pay for certain iCloud+ storage plans beyond the 5GB that Apple offers for free, you will receive two more perks on iOS 27 at no additional cost. A summary of the two new iCloud+ perks on iOS 27:Increased daily usage limits for some new Apple Intelligence features, including image generation in the revamped Image Playground app. HomeKit Secure Video cameras receive generated video...
iPhone 4 on Black Feature

Apple Facing One of Its Worst Leaks Since the iPhone 4

Thursday July 2, 2026 9:53 am PDT by
Apple supplier Tata Electronics recently suffered a cyberattack that resulted in thousands of confidential files being published on the dark web, and this reportedly included some photos and documents related to the upcoming iPhone 18 Pro. We have elected not to share any of the leaked photos in this story due to the illegal nature in which they were obtained, but they can easily be found...

Top Rated Comments

pdaholic Avatar
19 months ago
Why do they need social security and driver’s license numbers?!?
Score: 6 Votes (Like | Disagree)
Student of Life Avatar
19 months ago
Again fine not only the company but also make its executives offices personally liable. That’s how you get real accountability, when it impacts them personally.
Score: 6 Votes (Like | Disagree)
sw1tcher Avatar
19 months ago

Why do they need social security and driver’s license numbers?!?
Social security number is needed to run a credit check since T-Mobile is basically extended credit to you when they provide post-paid mobile service, discounted or free mobile phones, etc.

How else are they going to get their money back if a customer fails to pay for service and runs off with a bunch of free iPhone 16 Pro's ('https://www.t-mobile.com/news/offers/t-mobile-iphone-16-apple-watch-10-savings')?



Attachment Image
Score: 4 Votes (Like | Disagree)
coffeemilktea Avatar
19 months ago
Maybe if the cost of lawsuits becomes greater than the cost of implementing proper security measures, T-Mobile will actually start doing a good job when it comes to cybersecurity? 🤪
Score: 4 Votes (Like | Disagree)
19 months ago

AT&T, you are next! 🤬
Seriously, I hope they get it good.
Score: 4 Votes (Like | Disagree)
B4U Avatar
19 months ago
AT&T, you are next! 🤬
Score: 4 Votes (Like | Disagree)