T-Mobile US has agreed to pay $350 million and spend $150 million to upgrade data security to settle a cyberattack issue that affected 76.6 million smartphone customers on its telecom network.
The preliminary settlement was filed with the federal court in Kansas City, Missouri. It requires a judge’s approval, which the second-largest U.S. wireless carrier said could come by December.
T-Mobile denied wrongdoing, specifically, including accusations that it breached its duties to protect customers’ personal information and had inadequate data security. Brian King is the Chief Information Officer (CIO) of T-Mobile. The telecom operator never revealed the name of the IT partner which was responsible for the cyber security last year.
T-Mobile later said it has entered into long-term partnerships with cybersecurity experts at Mandiant, and consulting firm KPMG to develop strategic plan to mitigate and stabilize cybersecurity risks across the enterprise.
The Bellevue, Washington-based company expects an approximately $400 million pre-tax charge in this year’s second quarter for the settlement. T-Mobile said it contemplated the charge and $150 million of spending in prior financial guidance.
T-Mobile disclosed the data breach last August, saying time it affected more than 47 million current, former and prospective customers. T-Mobile later discovered that the number grew past 50 million, and T-Mobile said in November its investigation uncovered an additional 26 million people whose personal information was accessed.
T-Mobile has said the information included names, addresses, birth dates, driver’s license data and Social Security numbers.
Friday’s settlement covered nationwide litigation combining at least 44 proposed class-action lawsuits, Reuters news report said.
Class members may receive cash payments of $25, or $100 in California, and some could receive up to $25,000 to cover out-of-pocket losses, settlement papers show. They will also receive two years of identity theft protection.
John Binns, a 21-year-old American who had moved to Turkey a few years earlier, took responsibility for the hacking, saying he pierced T-Mobile defenses after finding an unprotected router on the internet, The Wall Street Journal news report said last August.
The plaintiffs’ lawyers may seek fees of up to 30 percent, or $105 million, from the settlement, the settlement papers show.