According to a court filing included with the settlement deal, the proposed class will consist of more than 76 million US citizens affected by the incident. During its initial statements surrounding the breach, T-Mobile believed a hacker had obtained information on roughly 53 million current, former, and potential customers.
In August 2021, the company started looking into the breach after Vice uncovered allegations on the dark web that allegedly offered T-Mobile customer data for sale.
“Customers are first in everything we do, and protecting their information is a top priority,” T-Mobile said. “Like every company, we are not immune to these criminal attacks. Our efforts to guard against them continue, and over the past year, we have doubled down on our extensive cybersecurity program.”
To enhance its cybersecurity posture, the company said it had hired Accenture, Mandiant, and KPMG, as well as established a “cybersecurity transformation office” under the direction of CEO Mike Sievert.
T-Mobile stated in a Securities and Exchange Commission filing that it anticipates the settlement to be authorized in December at the earliest but warned that appeals or other procedures could cause delays.