We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

T-Mobile Hit by Another Lawsuit Over 2021 Data Breach

T-Mobile Hit by Another Lawsuit Over 2021 Data Breach
Author Image Husain Parvez
Husain Parvez Published on 10th January 2025 Cybersecurity Researcher

T-Mobile is facing a new lawsuit from the Washington State Attorney General over its handling of a 2021 data breach that compromised the personal information of 79 million customers. The lawsuit, filed by Attorney General Bob Ferguson, accuses the telecommunications giant of failing to secure its systems despite knowing of cybersecurity vulnerabilities for years prior to the breach.

According to Ferguson, the breach exposed sensitive data, including names, addresses, phone numbers, Social Security numbers, and driver’s license information. More than 2 million Washington residents were affected, with at least 183,000 having their Social Security numbers stolen. The cyberattack, which started in March 2021, went undetected until August of that year.

Ferguson stated, “This significant data breach was entirely avoidable. T-Mobile had years to fix key vulnerabilities in its cybersecurity systems — and it failed.”

The hackers exploited an “easily guessable username and password” and a lack of adequate security monitoring. Ferguson’s lawsuit alleges that T-Mobile failed to meet industry cybersecurity standards, which allowed the attack to go unnoticed for months. The breach was only discovered after an outside source reported that customer data was being sold on the dark web.

According to TechCrunch, the lawsuit also claims that T-Mobile misled customers about the severity of the breach. Notifications sent to affected individuals reportedly left out critical information, making it difficult for them to assess their risk of identity theft.

This is not the first time T-Mobile has faced legal consequences for its cybersecurity failures. The company suffered at least two data breaches in 2023 alone, reaching its ninth major security incident since 2018. In response to the lawsuit, a T-Mobile spokesperson told The Record that the company was surprised, stating that it had been in discussions with the Washington Attorney General’s office about the issue.

T-Mobile disagrees with the lawsuit’s claims but says it remains open to further discussions. The company also emphasized that it has improved its cybersecurity practices in recent years.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address