T-Mobile Announces $350M Settlement Over Data Breach - Plus $150M Security Upgrade (techcrunch.com)
76.6 million Americans were affected by last year's T-Mobile data breach, TechCrunch reports — and now in compensation they may have a few bucks coming their way.
T-Mobile has announced a settlement of $550 million for affected customers (and the various attorneys bringing the consolidated class action lawsuits) — plus another $150 million "for data security and related technology." For now, the class defined by the settlement document is "the approximately 76.6 million U.S. residents identified by T-Mobile whose information was compromised in the Data Breach," with a little extra legalese for Californians, where class actions are handled slightly differently.
As is common in these giant lawsuits, lawyers take a huge bite and then the company must alert the class members they're owed money, so you can expect a postcard if you were a T-Mobile customer in August of 2021 (in the interest of full disclosure, I was). Then the money gets split up, depending on how many people respond and how much the lawyers take. The final settlement terms could be approved as early as December.
Chances are you won't even be able to cover a single monthly mobile bill with what you get, but these days a $9 check might be the difference between "dinner" and "no dinner" for quite a few people, so let's not mock these small sums — except that it's kind of insulting to have five serious breaches in as many years and all customers get is enough to order off the value menu.
jail the execs (Score:4, Interesting)
No executive is going to take security seriously until a security failure costs them some serious pain. Fines will not work because they will be covered by the company or insurance. It has to be hard jail time, and a permanent ban on holding any executive position.
There is currently no cost to the CxOs, presidents, and vice-presidents for security failures. There is a dollar cost to build security into their systems, and that comes out of their pockets.
Any breach should be considered conclusive evidence, resulting in immediate 5 years for CxOs, 3 for the presidents, and 2 for the vice-presidents overseeing IT.
Re: (Score:2)
No executive is going to take security seriously until a security failure costs them some serious pain...Any breach should be considered conclusive evidence, resulting in immediate 5 years for CxOs, 3 for the presidents, and 2 for the vice-presidents overseeing IT.
Part of me who has dealt with idiot users and equally ignorant CxOs for three decades, agrees with you 110%.
Now, as to why the other part of me, laughs in your face. Let's just say that by some miracle you actually get lawmakers to pass such laws. Knowing how stupid humans can be at all levels in companies, tell me; would you take the CSO/CTO/CIO position knowing those users' actions could result in your jail time?
Let me sum it up. Good luck with that shit.
Re: (Score:2)
But currently, we are at the other extreme end: Investing into actual (not just snake-oil-compliance-theater) security costs money and effort, and current CEOs basically feel entitled/obliged to _not_ invest that money, but rather add it to so
Re: (Score:3)
In the 1980's, my ex-father-in-law worked for Westinghouse at the "submarines in the desert" sites in Idaho Falls and Arco, Idaho. He was a PhD in Chemical Engineering and in charge of quality control.
He was responsible for ensuring the quality of all parts purchased. Quality as in a part must meet spec AND be fit for use.
If the Navy discovered that he approved a problem part, it was pretty much given that he was going to do two years in a federal prison.
Re: (Score:2)
To be fair, even if you do everything right it's no guarantee that there won't be some zero day you didn't know about, or some employee who went rogue. The law needs to be reasonable - did they make a reasonable effort to protect that data, and when they discovered it was stolen did they make a reasonable effort to stop it being sold?
And by reasonable I don't mean they kept their McAfee subscription up to date, I mean serious security measures, outside audits that were responded to appropriately, etc.
That
Re: (Score:1)
It has to be hard jail time, and a permanent ban on holding any executive position.
That seems excessive considering that we've got companies that are literally making people sick and/or ruining the environment, and that's perfectly legal. As far as company negligence causing actual harm, I've never even noticed any detrimental effects from any of the data breaches I've been involved in. I guess I'm too poor to be worth it for some bad guy to try stealing my identity. I have gotten a lot of free credit monitoring services and replacement credit cards over the years, though.
On the other
Re: (Score:3)
Fines will not work because they will be covered by the company or insurance.
Or perhaps we can expect to see something like a "personal data security fee" or "litigation offset fee" added as a line item to customers' bills in order to recoup the cost of the settlement...
Don't Mock the Hand that Fucks You (Score:4, Insightful)
"...let's not mock these small sums — except that it's kind of insulting to have five serious breaches in as many years and all customers get is enough to order off the value menu."
Lawyers designed and lobbied for this system of corrupt "income" for their benefit, not yours. Lawyers don't even work for "you" or "justice" anymore. They don't even exist as a deterrent when every legal settlement is STILL financially profitable for the company at fault.
Class-actions are a pathetic waste of time for everyone except the lawyers, and exist to allow Greed N. Corruption to get away with massive amounts of harm without admitting fault or ending their business. They can literally kill without impunity or remorse.
That's not just "insulting". It's fucking criminal. The insult, is calling it anything less.
How about deleting the data you don't need ie SSN (Score:4, Insightful)
I recently tried to upgrade my data limit on T-Mobile. They refused unless I gave them my SSN, which I had not provided many years ago when I originally signed up.
No company should have customer's SSN unless required by law. And even then it should not be used as an ID.
Re: (Score:1)
No company should have customer's SSN unless required by law. And even then it should not be used as an ID.
You don't have to provide a SSN if you use a prepaid account. The reason mobile carriers ask for a SSN is so that if you're establishing postpaid service, they can report you to the credit bureaus if you skip out on the bills.
In the old days, it was possible to run up a pretty substantial bill with roaming fees and j2me app store purchases, but nowadays it's the handset financing that they're worried about keeping a leash on you for.
I like the fact that we're such a dystopia (Score:3)
Re: (Score:1)
That we excuse these incredibly minimalistic fines as being okay because so many Americans don't have enough money to buy food. I mean wow, just wow.
I don't imagine there's a lot of overlap in the Venn diagram between "people who have T-Mobile postpaid service" and "people who can't afford a $9 dinner". Most of the poor folks are on budget MVNO carriers.
When my brother had Boost, a few times he'd actually get his bill paid by people who were trying to reach him, so they made his payment to have his phone turned back on. Not sure if Boost still does that (let any random person pay your bill), but they used to.
Not sure how many can even claim this? (Score:2)
I'm a long time T-Mobile customer myself and have received several letters over the years from them, notifying me that my data was part of breaches.
I received an invitation to participate in a class action suit, not that long ago, and accepted. The last thing I received from the law firm involved was essentially a notice that I was being dropped as a member qualifying to receive settlement money unless I could provide them with evidence that the breach caused me financial harm. (They wanted such things as pro