T-Mobile Data Breach Lawsuit - How to Protect Your Customers' Data

Published on
January 30, 2023
Hailey Carlson

T-Mobile Data Breach Lawsuit - How to Protect Your Customers' Data

A plaintiff, Jennifer Baughman, filed a class action lawsuit on January 22, 2023 against T-Mobile U.S., Inc. She claims that the mobile phone carrier failed to protect its customers and their private data during a data breach. Personally identifiable information (PII) of 37 million T-Mobile customers was made public in a recent data breach, exposing information such as names, birthdates, phone numbers, and email addresses, among further information. Baughman states that she feels T-Mobile failed to “exercise reasonable care” in securing said PII and believes that they should be held responsible for their actions. 

The fact that the information was “unencrypted and unredacted” is a major reasoning behind the suit, as well as the company conducting, what Ms. Baughman’s case states as being, “negligent and/or careless acts or omissions” which lead to the sensitive information being compromised. The suit goes on to say customers suffered “numerous” injuries including financial costs, loss of time and productivity, and a major invasion of privacy, leaving the affected customers at risk of identity theft and other additional personal threats. This is not the first time that T-Mobile has been asked to pay up after a cyber attack. Following a 2021 data breach, T-Mobile agreed to pay out a $350 million settlement to address negligence claims. 

As T-Mobile has made it clear, businesses who do not implement strong cybersecurity defenses to protect their customers’ data will sometimes have consequences beyond those that the business is already acutely aware of (ex: lost money, lost time, public image being damaged, etc.). To avoid legal ramifications and other negative effects, businesses need to ensure they are good stewards of their customers’ information. Here are a few quick tips on how to protect your company and its clientele:

  1. Educate employees on cybersecurity best practices and make them aware of how to spot cyber threats. The folks who work for you represent your company and they are the people on the ground doing the hard work necessary to make your business a success - help them help you by arming them with regular cybersecurity trainings. It is also vitally important that you provide them with resources on what to do in the event of a cybersecurity concern - namely, which experts at your company or elsewhere they can contact with any questions or to report security suspicions. 
  2. Use strong firewalls to help filter the traffic that attempts to access your company’s site. This is a simple step that goes a long way. It acts as a sort of fence around your business, to catch most of the bad guys. But be sure to also have a strong cybersecurity team to further defend in case any savvy hackers find their way over that fence.
  3.  Encrypt your data! Say that a malicious actor does get passed your firewall fence with an attack that your cyber team is unable to thwart and that person gains access to your data. This is understandably worrying. However, it is much less worrying if your data is unreadable to the threat actor because it is encrypted. This step certainly would have at least slowed down the attackers in the T-Mobile breaches, if not thwarted them completely.

Take care of your customers by prioritizing their data's safety!

Image by fabrikasmif for Freepik.