Export Compliance Daily is a Warren News publication.
'Ascertainable Losses'

T-Mobile Didn't 'Timely Advise' Breach Victims, Says 12th Class Action

In the 12th known federal class action brought against T-Mobile for its latest data breach, plaintiff Richard Smith sued the carrier Wednesday in U.S. District Court for Western Washington in Seattle for its “failure to protect and properly secure” his and other customers’ sensitive personal identifiable information (PII). His complaint (docket 2:23-cv-00188) also seeks to hold T-Mobile accountable for its alleged failure to “timely advise” customers of the November breach.

Sign up for a free preview to unlock the rest of this article

Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.

T-Mobile disclosed the breach Jan. 19, saying it first learned of it Jan. 5. Smith, a resident of Pierce County, Washington, at times relevant to the lawsuit and now living in Pima County, Arizona, first learned of the breach from T-Mobile Jan. 31, he said. The plaintiff said he and class members suffered “injury and ascertainable losses” from present and imminent threats of fraud and identity theft, out-of-pocket expenses, loss of value of time incurred to mitigate the effects of the attack, and diminution of the value of their PII.

Smith spent money on credit monitoring and identity theft protection due to the breach, plus suffered lost time, annoyance, interference and inconvenience, he said. Smith noted T-Mobile signed a settlement agreement in July to pay $350 million to settle multiple consolidated lawsuits on behalf of a nationwide class, arising from an August 2021 data breach.

The settlement included a commitment to invest $150 million in “major investments to improve its network and data security” and to address vulnerabilities resulting in the release of PII of over 50 million customers, said Smith. That followed two breaches in 2020, and those in 2019 and 2018, after which the company claimed it would beef up security to properly safeguard customers’ information, said the complaint.

The plaintiff claims negligence, breach of contract, invasion of privacy and violation of the Washington Consumer Protection Act. In addition to monetary relief, the plaintiff seeks injunctive relief, and a requirement that T-Mobile safeguard all data collected through the course of its business and to regularly test and update its security measures to meet industry standards.