T-Mobile to take $400M hit from hacking settlement

Under the terms of a proposed settlement, T-Mobile will pay $350 million to customers and others affected by its 2021 cyber hack. That could include up to 76.6 million people.

Mike Dano, Editorial Director, 5G & Mobile Strategies

July 25, 2022

2 Min Read
T-Mobile to take $400M hit from hacking settlement

T-Mobile said it will record a $400 million charge in the second quarter of 2022 related to its decision to settle a class action lawsuit over a cyber hack into its systems in 2021.

Under the terms of the proposed settlement, the company would pay $350 million to affected customers and their lawyers. According to Cnet, that could include up to 76.6 million people, many of whom are T-Mobile customers.

Also per the settlement, T-Mobile would spend around $150 million on "data security and related technology in 2022 and 2023." Among those efforts: Using Mandiant, Accenture and KPMG to "design strategies and execute plans to further transform our cybersecurity program," according to T-Mobile, and conducting nearly 900,000 training courses for employees and partners.

"The settlement contains no admission of liability, wrongdoing or responsibility by any of the defendants," the company noted in an SEC filing disclosing the settlement. T-Mobile said it expects court approval of the settlement by December, but warned that could be delayed by appeals or other proceedings.

Figure 1: (Source: Marcos Alvarado/Alamy Stock Photo) (Source: Marcos Alvarado/Alamy Stock Photo)

T-Mobile first disclosed the details of the massive hack roughly a year ago. The breach exposed information including customer names, Social Security numbers, phone numbers, addresses and dates of birth. It was the latest in a series of breaches of T-Mobile security.

However, justice may have come to some of the hackers involved in the 2021 theft of data from T-Mobile. The US Department of Justice (DoJ) released an indictment earlier this year against Diogo Santos Coelho in a case that appears to involve the sale of T-Mobile's data.

According to the DoJ's indictment, in August of 2021, Coelho allegedly posted on RaidForums that he was "SELLING 30M SSN + DL + DOB database."

"A subsequent post confirmed that the hacked data belonged to a major telecommunications company and wireless network operator that provides services in the United States," according to the indictment.

Both MotherBoard and Krebs on Security claimed that the unnamed telecom company was T-Mobile. However, T-Mobile didn't respond to questions from MotherBoard on the topic.

T-Mobile is scheduled to report its second quarter results later this week. All eyes are on the company following Verizon's uninspiring results.

Related posts:

Mike Dano, Editorial Director, 5G & Mobile Strategies, Light Reading | @mikeddano

About the Author

Mike Dano

Editorial Director, 5G & Mobile Strategies, Light Reading

Mike Dano is Light Reading's Editorial Director, 5G & Mobile Strategies. Mike can be reached at [email protected], @mikeddano or on LinkedIn.

Based in Denver, Mike has covered the wireless industry as a journalist for almost two decades, first at RCR Wireless News and then at FierceWireless and recalls once writing a story about the transition from black and white to color screens on cell phones.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like