March 28, 2023

Volume XIII, Number 87


March 27, 2023

Subscribe to Latest Legal News and Analysis

T-Mobile Sued for Data Breach of 37 Million Records

On January 22, 2023, T-Mobile was sued in federal court in California alleging negligence, unjust enrichment, breach of express contract, breach of implied contract, and invasion of privacy over the recently-disclosed data breach of more than 37 million postpaid and prepaid customer records.

According to the complaint, the plaintiff was informed just two days before suit was filed that information belonging to her and other class members was “accessed and acquired by the unauthorized actor” and that class members “are at imminent risk of identity theft.”

On the other hand, T-Mobile has stated in a recently filed Form 8-K that the threat actor obtained data through a single API (application programming interface), that the company discovered and stopped it within one day, and that the threat actor was unable to compromise its systems or network. Significantly, T-Mobile stated that the data accessed by the bad actor did not include any financial information or Social Security numbers. Instead, the data accessed included customers’ “names, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features.”

Based on the facts presented by T-Mobile, we expect that the company will vigorously defend the suit and a motion to dismiss the complaint will be forthcoming. There is strong precedent that requires plaintiffs to prove substantial harm in order to withstand a motion to dismiss. No matter how this particular case plays out, what is astounding is the speed at which suits are filed after a data breach is announced, no matter the facts.

Copyright © 2023 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XIII, Number 26

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...