T-Mobile US Inc agreed on Friday to pay $350 million and spend
an additional $150 million to upgrade data security to settle
litigation over a cyberattack last year that compromised
information belonging to an estimated 76.6 million people, Trend reports with reference to Reuters.
The preliminary settlement was filed with the federal court in
Kansas City, Missouri.
It requires a judge’s approval, which the second-largest U.S.
wireless carrier said could come by December.
T-Mobile denied wrongdoing, specifically, including accusations
that it breached its duties to protect customers’ personal
information and had inadequate data security.
The Bellevue, Washington-based company expects an approximately
$400 million pre-tax charge in this year’s second quarter for the
settlement. It said it contemplated the charge and $150 million of
spending in prior financial guidance.
T-Mobile disclosed the data breach last August, saying at the
time it affected more than 47 million current, former and
The number soon grew past 50 million, and T-Mobile said in
November its investigation uncovered an additional 26 million
people whose personal information was accessed.
T-Mobile has said the information included names, addresses,
birth dates, driver’s license data and Social Security numbers.
Friday’s settlement covered nationwide litigation combining at
least 44 proposed class-action lawsuits.
Class members may receive cash payments of $25, or $100 in
California, and some could receive up to $25,000 to cover
out-of-pocket losses, settlement papers show. They will also
receive two years of identity theft protection.
John Binns, a 21-year-old American who had moved to Turkey a few
years earlier, took responsibility for the hacking, saying he
pierced T-Mobile defenses after finding an unprotected router on
the internet, The Wall Street Journal said last August.
The plaintiffs’ lawyers may seek fees of up to 30%, or $105
million, from the settlement, the settlement papers show.
Follow us on Twitter