If you’re a current or past T-Mobile customer, you may be owed money in a rather large legal settlement. T-Mobileto settle litigation over a 2021 cyberattack that exposed millions of users’ personal information.
The carrier’s resolved consumer hasn’t acknowledged any wrongdoing, but in a statement shared with CNET, said it was “pleased to have this class action filing.”
“Customers are first in everything we do and protecting their information is a top priority,” T-Mobile said. “Like every company, we are not immune to these criminal attacks.”
If given final approval, the agreement will be the second-largest data breach settlement in US history, following Equifax’s.
Find out what you need to know about the T-Mobile data breach, including who is eligible for a check, how much they might get and when the money could arrive.
For more on class action suitsfind out if you qualify for a payout from Facebook’s $90 million settlement, the $190 millioncase or AT&T’s .
What happened in the T-Mobile data breach case?
On Aug. 15, 2021, T-Mobile reported a cyberattack had led to the theft of millions of people’s personal information — including names, addresses, birth dates, Social Security numbers, driver’s license details and unique codes that identify individual phones.
Exactly how many people were hacked and how they were impacted is unclear: According to court filings, approximately 76.6 million people had their data exposed, but T-Mobile has claimed only about 850,000 people’s names, addresses and PINs were “compromised.”
An individual selling the information on the dark web for 6 bitcoin (approximately $27,000 at the time) told Vice they had data relating to over 100 million people, all compiled from T-Mobile servers.
John Binns, a 21-year-old living in Turkey, eventually took responsibility for the cyberattack, thethat has hit T-Mobile since 2015. “I was panicking because I had access to something big,” Binns told The Wall Street Journal. “Their security is awful.”
The July 24 settlement, filed in the US District Court for the Western District of Missouri, merges at least 44 class-action suits that claimed T-Mobile was lax with its cybersecurity. It also improves in $150 million that T-Mobile data security.
Cyberattacks aside, T-Mobile still expects to add 6 million to 6.3 million new customers this year — making it the industry leader in subscriber growth over rivals AT&T and Verizon.
How much money could I receive from the settlement?
Class members — in this case, people who were T-Mobile customers in August 2021 — could receive cash payments of $25, Reuters reported, or $100 if they are California residents.
It could also be substantially less, depending on how many people respond. In addition to paying out claims, the $350 million has to go toward settling legal fees and administrative costs. The plaintiffs’ lawyers may charge up to 30% of the settlement, according to court filings.
Separately, some people could receive as much as $25,000 to cover losses they suffered as a direct result of the breach.
T-Mobile is also offering two free years of McAfee’s ID Theft Protection Service to anyone who believes they may have been a victim of the hack.
How do I find out if I qualify for a payment from T-Mobile?
T-Mobile has not released the full details of its payment plan. Typically class members are notified they are eligible by mail. (Full disclosure: This reporter was a T-Mobile customer at that time.)
Read more: How to Protect Your Personal Data After a Security Breach
Once customers are notified, they are then given 90 days to submit claim forms or request to opt out of the settlement and reserve the right to pursue their own separate legal claims, according to court papers.
It could be several months before individuals find out if they will receive money from the settlement, TechCrunch reported.
When will payments go out?
Qualified class members likely won’t see any money until at least 2023. T-Mobile has 30 days to provide the court with a list of class members, along with their phone numbers and mailing and email addresses, “to the extent available.”
Once eligible parties are notified, claims can be submitted. Legal fees are deducted and the remaining money is divvied up among class members who feel back claims. That could take months.
In addition, the $350 million payout has only received preliminary approval. It still requires final sign-off from a judge, which T-Mobile said would come by December at the earliest.
What is T-Mobile doing to protect against future security breaches?
T-Mobile has “doubled-down” on fighting hackers, the company said in its July 22 statement, by boosting employee training, collaborating with industry experts like Mandiant and Accenture on new protocols and creating a cybersecurity office that reports directly to the company’s chief executive officer, Mike Sievert.
Security journalist Brian Krebs reported in April 2022 that T-Mobile was a victim of the Lapsus$ hacking group.
The hackers accessed employee accounts and attempted to find T-Mobile accounts associated with the Department of Defense and FBI, TechCrunch reported. They were thwarted by secondary authentication checks.