US-based T-Mobile has settled a massive data breach settlement over a cyberattack last year that compromised information belonging to an estimated 76.6 million people. The company agreed to pay $350 million and spend an additional $150 million to upgrade data security. T-Mobile disclosed the breach last August. At first, 47 million current, former and prospective clients were thought to be affected. The number was raised past 50 million, and T-Mobile said in November its investigation uncovered an additional 26 million people whose personal information was accessed.
The Data Breach Settlement Covered Nationwide Litigation Including 44 Proposed Lawsuits
T-Mobile denied wrongdoing, especially, including accusations it had insufficient data security. The company has said the information included names, addresses, birthdates, driver’s license data, and Social Security numbers. The data breach settlement covered nationwide litigation combining at least 44 proposed class-action lawsuits. Class members may receive cash payments of $25, or $100 in California, and some could receive up to $25,000 to cover out-of-pocket losses, settlement papers show. They will also receive two years of identity theft protection.
The Hacker Responsible for the Incident Has Been Found
John Binns, a 21-year-old American who had moved to Turkey a few years earlier, took responsibility for the hacking. The impact of the data breach settlement on the company’s bottom line is approximately a $400 million pre-tax charge in this year’s second quarter. T-Mobile said it contemplated the charge and $150 million of spending in prior financial guidance. The settlement could be approved by December.
T-Mobile issued a statement Friday about the settlement on its website. “As we continue to invest time, energy, and resources in addressing this challenge, we are pleased to have resolved this consumer class action filing,” the company said.