TechCrunch reports that T-Mobile has been sued by Washington state for its negligence in a major cyberattack in August 2021 that resulted in the compromise of data from more than 79 million mobile users across the U.S.
Aside from failing to address cybersecurity vulnerabilities in its systems that could have prevented the data breach, the lawsuit alleged that T-Mobile also improperly informed impacted individuals regarding the extent of the incident, according to Washington State Attorney General Bob Ferguson. T-Mobile not only had weak credentials for internal system-accessing accounts, but also lacked login attempt rate-limiting, as well as proper alerting and monitoring configurations, according to the lawsuit. "This significant data breach was entirely avoidable," Ferguson said.
T-Mobile was not expecting this lawsuit: "While we disagree with their approach and the filing's claims, we are open to further dialogue and welcome the opportunity to resolve this issue, as we have already done with the FCC," said T-Mobile in a statement.
