A negligence suit filed in Los Angeles, Calif. claims that T-Mobile US Inc. has once again failed to protect its mobile subscribers’ personal information, including their names, contact and demographic information, and date of birth. According to the filing, news of the breach broke on January 20, though T-Mobile said one or more hackers breached its system and obtained the information two months prior.
The suit follows on the heels of T-Mobile’s settlement with a class of about 75 million prospective, current, and former subscribers who had their information, including social security numbers, lifted from T-Mobile networks in August 2021. The plaintiffs in that case secured an alleged record figure of $350 million to compensate victims, pending final court approval.
This week’s complaint, filed by a California woman on behalf of a class of “similarly situated current and former student loan borrowers or anyone else impacted in the data breach,” says that T-Mobile’s failure to take appropriate steps to protect the customer information is particularly egregious considering “its previous experience as the target of cyberattacks.”
The complaint explains that in official filings, T-Mobile disclosed that the hack was discovered on January 5, though unidentified actors obtained data starting around Nov. 25, 2022 through a single Application Programming Interface, affecting individuals whose information was stored on T-Mobile servers in multiple states. Reportedly, the breach impacts an estimated 37 million customers, though the complaint notes that the number could rise.
In addition to negligence, the suit states claims for breach of contract, unjust enrichment, and invasion of privacy on behalf of nationwide and California classes.