TechCrunch reports that T-Mobile has been sued by Washington state for its negligence in a major cyberattack in August 2021 that resulted in the compromise of data from over 79 million individuals across the U.S.
Aside from failing to address cybersecurity vulnerabilities in its systems that could have prevented the sweeping data breach, T-Mobile also improperly informed impacted individuals regarding the extent of the incident, according to Washington State Attorney General Bob Ferguson. T-Mobile not only had weak credentials for internal system-accessing accounts but also lacked login attempt rate-limiting, as well as proper alerting and monitoring configurations, the lawsuit revealed. "This significant data breach was entirely avoidable," Ferguson said. Such a lawsuit was not expected by T-Mobile. "While we disagree with their approach and the filing's claims, we are open to further dialogue and welcome the opportunity to resolve this issue, as we have already done with the FCC," said T-Mobile in a statement.
