11th Class Action Filed Against T-Mobile Over November Data Breach

since 2017. T-Mobile failed to comply with data security industry standards, said the privacy suit (2:23-cv-00172) in U.S. District Court for Western Washington in Seattle. Plaintiffs Robin Dollson of Bucks County, Pennsylvania; Candy Howard of San Mateo County, California; and Leonardo Figueroa of Los Angeles County had their personal identifiable information disclosed without authorization, said the complaint. As a result of the breach, which T-Mobile disclosed to users in a banner ad on its website and in a Jan. 19 8-K filing, plaintiffs have to expend additional time to review their credit reports and monitor their accounts for fraud or identity theft, it said. Data breach notices to customers were “woefully deficient” and “highly misleading,” the complaint said. It cited a comment from Chester Wisniewski, field chief technology officer at security company Sophos, saying the data stolen in the breach is “ideal for SIM swapping attacks and other forms of identity theft.” The November breach was “directly attributable to T-Mobile’s repeated history of security failures,” the complaint said. Plaintiffs claim negligence, breach of contract, unjust enrichment and violation of the Washington Consumer Protection Act, the Pennsylvania Unfair Trade Practices and Consumer Protection Law and three California laws: the Unfair Competition Law, Consumers Legal Remedies Act and Consumer Privacy Act. Plaintiffs seek an injunction requiring T-Mobile to employ adequate security protocols consistent with law and industry standards to protect customers’ information, plus statutory and treble damages, reasonable attorneys’ fees and additional relief to be determined by the court.