A plaintiff, Jennifer Baughman, filed a class action lawsuit on January 22, 2023 against T-Mobile U.S., Inc. She claims that the mobile phone carrier failed to protect its customers and their private data during a data breach. Personally identifiable information (PII) of 37 million T-Mobile customers was made public in a recent data breach, exposing information such as names, birthdates, phone numbers, and email addresses, among further information. Baughman states that she feels T-Mobile failed to “exercise reasonable care” in securing said PII and believes that they should be held responsible for their actions.
The fact that the information was “unencrypted and unredacted” is a major reasoning behind the suit, as well as the company conducting, what Ms. Baughman’s case states as being, “negligent and/or careless acts or omissions” which lead to the sensitive information being compromised. The suit goes on to say customers suffered “numerous” injuries including financial costs, loss of time and productivity, and a major invasion of privacy, leaving the affected customers at risk of identity theft and other additional personal threats. This is not the first time that T-Mobile has been asked to pay up after a cyber attack. Following a 2021 data breach, T-Mobile agreed to pay out a $350 million settlement to address negligence claims.
As T-Mobile has made it clear, businesses who do not implement strong cybersecurity defenses to protect their customers’ data will sometimes have consequences beyond those that the business is already acutely aware of (ex: lost money, lost time, public image being damaged, etc.). To avoid legal ramifications and other negative effects, businesses need to ensure they are good stewards of their customers’ information. Here are a few quick tips on how to protect your company and its clientele:
Take care of your customers by prioritizing their data's safety!
Image by fabrikasmif for Freepik.