T-Mobile has agreed to settle a class action lawsuit related to a 2021 cyberattack and data breach at the mobile wireless company. The deal, if approved by a U.S. District Court, would involve a $350 million settlement payment. Moreover, T-Mobile would boost data security and related technology spending by $150 million in 2022 and 2023, according to an SEC filing.
Final court approval may arrive by December 2022 -- but the finalized agreement could be delayed by appeals or other proceedings, and T-Mobile has the right to terminate the agreement under certain conditions, the SEC filing indicated.
The settlement contains no admission of liability, wrongdoing or responsibility by T-Mobile -- which has suffered multiple high-profile cyberattacks in recent years.
T-Mobile's 2021 Data Breach Cleanup
After the 2021 cyberattack, T-Mobile hired Mandiant and KPMG for long-term cybersecurity consulting engagements.
Chatter about the T-Mobile breach in 2021 surfaced amid the U.S. federal government’s effort to tighten cybersecurity across the country. The effort includes President Biden’s cybersecurity executive order, which mentioned IT service providers more than a dozen times. The May 2021 executive order emphasized the need for service providers to coordinate their cyber and infrastructure security efforts with government agencies.
T-Mobile is one of the largest U.S. carriers. The company merged with Sprint in April 2020 to “deliver a transformative 5G network,” the two businesses said at the time. T-Mobile's next quarterly earnings call is scheduled for July 27, 2022.
T-Mobile and Sprint: Multiple Cybersecurity Setbacks
T-Mobile and Sprint are familiar cyberattack targets. Both companies suffered separate security breaches in 2018 or so, according to reports at the time.