![]() On August 17, 2021, T-Mobile reported a data breach compromising the sensitive personal information of millions of current, former, and prospective T-Mobile customers. Understand how reasonable security requirements apply to your specific organization with a DoCRA risk assessment.OAKLAND – Attorney General Rob Bonta today, as part of a multistate coalition, issued a consumer alert for those impacted by the August 2021 T-Mobile data breach, which affected 53 million individuals, including over 6 million California residents. DoCRA can also demonstrate duty of care in litigation. Establishing reasonable security for your organization helps in the cybersecurity underwriting process showcasing how you manage your risk appropriately. That is where a Duty of Care Risk Assessment (DoCRA) can strengthen your security program. They also want some proof that a potential client is implementing reasonable security practices. Many insurance companies require a list of prescribed security controls such as multi-factor authentication (MFA). Those companies deemed a high risk are simply denied coverage. To curb these losses, insurance companies have become a lot more selective on who they choose to cover, often cherry-picking customers according to their perceived risk factor. Insurance companies have been losing on the cyber policies they issued prior to the pandemic, forcing renewal rates to rise dramatically. On top of that, the number of cyberattacks continues to increase each year, leading the industry to believe that cybercrime costs will reach $10.5 trillion annually by 2025. The escalating costs of class action settlements is one more reason why cybersecurity insurance is a necessity for any business today. This office will be responsible for ramping up employee cybersecurity training. T-Mobile will also create a Cybersecurity Transformation Office that will report directly to the CEO. The company also agreed to commit a minimum of $150 million for data security and related technologies for years 20, above its previously budgeted baseline. In addition to the monetary awards, T-Mobile will also offer free enrollment for identity protection services and credit monitoring over a two-year period. In September 2022, T-Mobile agreed to pay a record-setting settlement of $350 million. Violation of state consumer protection and privacy laws including CCPA.Breach of express contract and implied contract.The plaintiffs also asserted additional claims including: The complaint also stated that T-Mobile did not properly disclose the fact that social security numbers had been compromised in the attack, this resulted in the victims being unaware of this fact. This practice helps prevent hackers from inundating servers with requests. One specific example brought out was that the company did not utilize “rate limiting,’ an industry standard practice that limits the number of data requests a server can receive within a given timeframe. Plaintiffs argued that T-Mobile did not take basic measures to properly safeguard their data. In the MDL suit, the plaintiffs alleged that they “entrusted their sensitive personally identifiable information (PII) to T-Mobile with the understanding that T-Mobile would keep their information secure and employ reasonable and adequate security measures to ensure that it would not be compromised.” The suit then asserted that had the plaintiffs known about T-Mobile’s lax security practices, they would not have done business with them. District Court of the Western District of Missouri. These were then consolidated into a multidistrict litigation (MDL) class action suit filed before the U.S. As a result of the attack, more than 40 data privacy litigation suits were filed across the country. T-Mobile confirmed that no customer financial information such as credit card or debit card information was exposed in the incident. Some of the data included first and last names, social security numbers (SSN), data of birth and driver’s license information. ![]() An investigation conducted by the company determined that the data of more than 53 million people had been compromised including that of current, former, and prospective customers. On August 16, 2021, T-Mobile experienced yet another cyberattack that resulted in a data breach. It experienced another attack in 2019 involving its prepaid customers followed by two attacks in 2020. Another breach occurred in 2018, involving more than 2 million customers. The first large breach occurred between Septemand Septemand affected some 18 million customers. The company has been repeatedly targeted by external threat actors over the past decade. and has an estimated 110 million subscribers. T-Mobile is the second-largest wireless carrier in the U.S.
0 Comments
Leave a Reply. |