T-Mobile to take $400M hit from hacking settlement

T-Mobile said it will record a $400 million charge in the second quarter of 2022 related to its decision to settle a class action lawsuit over a cyber hack into its systems in 2021.

Under the terms of the proposed settlement, the company would pay $350 million to affected customers and their lawyers. According to Cnet, that could include up to 76.6 million people, many of whom are T-Mobile customers.

Also per the settlement, T-Mobile would spend around $150 million on "data security and related technology in 2022 and 2023." Among those efforts: Using Mandiant, Accenture and KPMG to "design strategies and execute plans to further transform our cybersecurity program," according to T-Mobile, and conducting nearly 900,000 training courses for employees and partners.

"The settlement contains no admission of liability, wrongdoing or responsibility by any of the defendants," the company noted in an SEC filing disclosing the settlement. T-Mobile said it expects court approval of the settlement by December, but warned that could be delayed by appeals or other proceedings.

Figure 1: (Source: Marcos Alvarado/Alamy Stock Photo)

T-Mobile first disclosed the details of the massive hack roughly a year ago. The breach exposed information including customer names, Social Security numbers, phone numbers, addresses and dates of birth. It was the latest in a series of breaches of T-Mobile security.

However, justice may have come to some of the hackers involved in the 2021 theft of data from T-Mobile. The US Department of Justice (DoJ) released an indictment earlier this year against Diogo Santos Coelho in a case that appears to involve the sale of T-Mobile's data.

According to the DoJ's indictment, in August of 2021, Coelho allegedly posted on RaidForums that he was "SELLING 30M SSN + DL + DOB database."

"A subsequent post confirmed that the hacked data belonged to a major telecommunications company and wireless network operator that provides services in the United States," according to the indictment.

Both MotherBoard and Krebs on Security claimed that the unnamed telecom company was T-Mobile. However, T-Mobile didn't respond to questions from MotherBoard on the topic.

T-Mobile is scheduled to report its second quarter results later this week. All eyes are on the company following Verizon's uninspiring results.

Related posts:

— Mike Dano, Editorial Director, 5G & Mobile Strategies, Light Reading | @mikeddano