In a record-setting proposed settlement filed last week, T-Mobile has agreed to pay $350 million and boost its data security by $150 million over the next two years to resolve multidistrict litigation brought by T-Mobile customers whose data was allegedly exposed in a 2021 data breach. Read on for the terms of the settlement, which may serve as a model in other high stakes data security cases going forward.
Recall that in August 2021, T-Mobile disclosed that it had been the victim of a cyberattack that resulted in the compromise of some current, former and prospective customers’ SSN, name, address, date of birth and driver’s license/ID information the “Data Event”). By T-Mobile’s account, no “customer financial information, credit card information, debit or other payment information” was exposed in the attack. Nevertheless, over 40 putative class action claims were filed seeking damages for the improper disclosure of Plaintiffs’ personal information. In December 2021, the Judicial Panel on Multidistrict Litigation transferred and centralized the putative class actions into the MDL standing before the Western District of Missouri.