T-Mobile to Pay $500 Million to Settle Claims Related to 2021 Breach
Time 1 Minute Read
Categories: Cybersecurity, Information Security, Security Breach

On July 22, 2022, T-Mobile entered into an agreement to settle a class action lawsuit stemming from its 2021 data breach. The breach involved the personal information of 76.6 million U.S. residents and was T-Mobile’s fifth breach over a four year period. The proposed settlement will require T-Mobile to pay $500 million to settle customers’ claims and to bolster its cybersecurity practices.  

The complaint alleged that T-Mobile “failed to properly protect personal information in accordance with their duties, had inadequate data security, was unjustly enriched by the use of personal data of the impacted individuals, violated certain state consumer statutes and other laws, and improperly or inadequately notified potentially impacted individuals.” T-Mobile denied these allegations and did not admit liability in the proposed settlement agreement.

Under the terms of the proposed settlement, T-Mobile would pay $350 million to a fund that will go to the class action claimants, claimants’ counsel and the costs of administering the settlement. In addition, T-Mobile must commit to spend $150 million above its budgeted baseline on “data security and related technology” for 2022 and 2023. T-Mobile indicated in its 8-K filing with the SEC that “final court approval of the terms of the settlement is expected as early as December 2022.”

Tags: Consumer Protection, Personal Data, Personal Information, Securities and Exchange Commission
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Oklahoma Enacts Comprehensive Consumer Privacy Law

On March 20, 2026, Oklahoma Governor Kevin Stitt signed SB 546 into law, enacting the Oklahoma Consumer Data Privacy Act, which will take effect on January 1, 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
UK ICO Publishes Guidance on Recognized Legitimate Interest Basis

On March 23, 2026, the UK Information Commissioner's Office released new guidance clarifying the use of the new recognized legitimate interest lawful basis for processing personal information under UK data protection law.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Alabama Enacts App Store Accountability Act Requiring Age Verification

On February 5, 2026, Alabama Governor Kay Ivey signed Alabama House Bill 161, the App Store Accountability Act, establishing age categorization, age verification and parental consent requirements for mobile application marketplace providers operating in Alabama, effective January 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page