T-Mobile customers, both past and present, may be eligible for part of the carrier’s mammoth $350 million class action settlement to resolve claims that T-Mobile’s negligence was to blame for a 2021 cyberattack that exposed millions of people’s addresses, PINs and other personal information.
The carrier hasn’t acknowledged any wrongdoing. In a statement shared with CNET, T-Mobile said it was “pleased to have resolved this consumer class action filing.”
“Customers are first in everything we do and protecting their information is a top priority,” a T-Mobile representative said. “Like every company, we are not immune to these criminal attacks.”
T-Mobile agreed to a settlement in July, but the deadline to file a claim for a share of the payout is coming up next month.
In addition to cash payments to affected customers, T-Mobile has agreed to invest $150 million in improving data security. If the settlement deal is approved, it will be the second-largest data breach payout in US history, following Equifax’s $700 million settlement in 2019.
Here’s what you need to know about the T-Mobile data breach, including how to find out if you’re eligible for payment, how much you might get and the deadline to file a claim.
For more on class action suits, find out if you qualify for Smashburger’s $5 million false-advertising payout or Keurig’s $10 million settlement over K-Cups’ recyclability.
What happened in the T-Mobile data breach case?
On Aug. 15, 2021, T-Mobile reported that a cyberattack had led to the theft of millions of people’s personal information.
Exactly how many people were hacked and how they were impacted isn’t clear: T-Mobile has said that only about 850,000 people’s names, addresses and PINs were “compromised.”
According to court filings, however, approximately 76.6 million people had their data exposed. And an individual selling the information on the dark web for six bitcoin (approximately $277,000 at the time) told Vice they had data relating to more than 100 million people, all compiled from T-Mobile servers.
John Binns, a 21-year-old living in Turkey, eventually took responsibility for the breach, the fifth such attack on T-Mobile since 2015.
“I was panicking because I had access to something big,” Binns told The Wall Street Journal. “Their security is awful.”
Who is eligible for money in the settlement?
T-Mobile has identified 76 million US residents whose information was compromised in the data breach, though the final number may be even higher.
Most class members were notified of the proposed settlement by mail, but you can confirm your status by emailing the Settlement Administrator or calling 833-512-2314.
The deadline to object to the settlement or be excluded from it and retain your rights to file a separate lawsuit was Dec. 8, 2022.
How do I file a claim?
You can submit a claim via the settlement website or also mail a completed claim form to:
T-Mobile Data Breach Settlement
c/o Kroll Settlement Administration LLC
P.O. Box 225391
New York, NY 10150-5391
Claims must be submitted by 11:59 p.m. PT on Jan. 23, 2023, or be postmarked by that date
How much money could I receive from the T-Mobile settlement?
Current and former T-Mobile customers are eligible for a $25 cash payment, according to the settlement website. California residents are entitled to $100.
You can be reimbursed up to $25,000 if you had to spend time or money to recover from fraud or identity theft relating to the breach, though you must submit extensive documentation supporting your claim.
T-Mobile is also offering two free years of McAfee’s ID Theft Protection Service to anyone who believes they may have been a victim of the hack.
A final approval hearing for the settlement has been scheduled for Jan. 20, 2023. Payments are typically sent out within 90 days of settlements being approved, though appeals could slow down the process.
“This may take several months or more,” according to the settlement website. “Please be patient”
What’s T-Mobile doing to protect against future data breaches?
T-Mobile has “doubled down” on fighting hackers, the company said in its July 22 statement. It is boosting employee training, collaborating on new protocols with industry experts like Mandiant and Accenture and creating a cybersecurity office that reports directly to CEO Mike Sievert.
T-Mobile also fell prey to the hacker ring Lapsus$ in March 2022. Hackers accessed employee accounts and attempted to find T-Mobile accounts associated with the Department of Defense and FBI, TechCrunch reported.
They were thwarted by secondary authentication checks.
Read more: How to Protect Your Personal Data After a Security Breach