T- Mobile has agreed to pay $350 million to “nearly 80 million” customers whose personal information was stolen in a cyberattack against the company, ABC News reported on Sunday, July 24, 2022 (read story here). The stolen information included names, Social Security numbers, and driver’s license information.
(Another source here put the number at “nearly 77 million.” T-Mobile originally said the data breach affected 47 million customers, see story here, but the number kept climbing. For purposes of this article, I’m using the 77 million number.)
That dollar figure apparently doesn’t include attorneys’ fees, because T-Mobile said it will record a pre-tax charge of $400 million. Based on that, I calculate the average compensation to each customer will amount to less than 5 bucks.
The primary culprits, of course, are the hackers; but in cases like this, they’re usually foreign actors — sometimes hostile governments — beyond the reach of U.S. law or customer recourse.
I haven’t read the lawsuit, but T-Mobile’s liability would have to be based on either a breach of contract or a negligence theory. Breach of contract would come into play if the company promised to safeguard customer information. So if you look at this result as a sort of apportionment of responsibility, most of the liability falls on the hackers, with T-Mobile offering pennies to the customers for not doing more to protect them.
The main recourse customers have, therefore, is to walk away from this company and take their wireless business elsewhere, hopefully to a provider who does a better job of safeguarding their personal information, although there are so many data breaches no business can be trusted and no one’s information is safe.
For what it’s worth, T-Mobile didn’t admit any wrongdoing, as one of the explicit terms of the settlement.