Image Credits: Gabby Jones / Bloomberg / Getty Images
The U.S. state of Washington has sued T-Mobile over allegations the phone giant failed to secure the personal information of millions of state residents prior to an August 2021 data breach, which went on to affect more than 79 million customers across the United States.

In a statement announcing the lawsuit, Washington Attorney General Bob Ferguson said T-Mobile “knew for years about certain cybersecurity vulnerabilities and did not do enough to address them.” Ferguson said the suit seeks financial damages under the state’s consumer protection laws and to order T-Mobile to improve its cybersecurity policies.

The hack against T-Mobile in August 2021 was the latest in a series of data breaches at the company over recent years, with at least five security incidents dating back to 2018 by TechCrunch’s count. The breach allowed a hacker access to T-Mobile’s systems and exfiltrated customer names, dates of birth, and Social Security numbers, as well as driver’s license information. Some of the stolen T-Mobile customer information was subsequently published on a known cybercriminal forum.

Ferguson accused T-Mobile of providing inadequate notifications to affected customers following the breach that “omitted critical data and downplayed the severity,” which Ferguson said affected the ability of consumers to assess their risk of identity theft or fraud.

“This significant data breach was altogether avoidable,” Ferguson was quoted as saying in the press release. “T-Mobile had years to fix key vulnerabilities in its cybersecurity systems — and it failed.”

The lawsuit, filed in a Seattle court, contained significant redactions masking specific technical details of the August 2021 hack, but the complaint appears to detail alleged technical security deficiencies and internal company policies that may have made it easier for the hacker to access and download customer information from T-Mobile’s servers.

The unredacted portions note that the hacker targeting T-Mobile discovered an “easily guessable username and password”; that T-Mobile “used weak credentials” on accounts for accessing its internal systems; and that T-Mobile “allowed the connection from the threat actor’s IP address” from outside its network. The complaint also says T-Mobile did not implement rate-limiting on any login attempts, allowing the hacker to freely test as many credentials without locking the employee account in question.

The suit also says the company’s “inadequate monitoring and alerting configuration” made it easier for the hacker to access T-Mobile’s network without being noticed.
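The gaps the complaint lists (no rate limiting or lockout on logins, connections accepted from outside the network, and weak alerting) correspond to three checks in a login gate. The sketch below is an added example, not taken from the complaint or from T-Mobile's systems; the network range, thresholds, account name and events are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed policy values for illustration; none come from the complaint.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
MAX_FAILURES = 5          # failed attempts tolerated per account per window
WINDOW_SECONDS = 300      # sliding window for counting failures
LOCKOUT_SECONDS = 900     # how long an account stays locked


class LoginGate:
    def __init__(self):
        self.failures = defaultdict(deque)  # account -> recent failure times
        self.locked_until = {}              # account -> unlock time
        self.alerts = []                    # (time, account, source_ip, reason)

    def attempt(self, ts, account, ip, password_ok):
        """Return 'allow', 'deny', 'blocked_ip' or 'locked' for one attempt."""
        if not any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS):
            self.alerts.append((ts, account, ip, "external source address"))
            return "blocked_ip"
        if self.locked_until.get(account, 0) > ts:
            return "locked"  # refused even if the password is correct
        if password_ok:
            self.failures.pop(account, None)
            return "allow"
        recent = self.failures[account]
        recent.append(ts)
        while recent and recent[0] <= ts - WINDOW_SECONDS:
            recent.popleft()  # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = ts + LOCKOUT_SECONDS
            self.alerts.append((ts, account, ip, "locked after repeated failures"))
            recent.clear()
        return "deny"


def replay(events):
    """Run events through a fresh gate; return (decisions, alerts)."""
    gate = LoginGate()
    return [gate.attempt(*e) for e in events], gate.alerts


# Constructed events: (unix_time, account, source_ip, password_ok)
SAMPLE_EVENTS = (
    [(1000, "svc-admin", "203.0.113.7", False)]
    + [(1010 + i, "svc-admin", "10.1.2.3", False) for i in range(6)]
    + [(1020, "svc-admin", "10.1.2.3", True), (2000, "svc-admin", "10.1.2.3", True)]
)
```

Per-account lockout can itself be abused to lock out legitimate users, so deployments often pair it with per-source throttling and alert review rather than relying on lockout alone.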

Ferguson’s complaint adds that T-Mobile’s public statements misrepresented the adequacy of its cybersecurity defenses and the threat to T-Mobile’s customers’ data found on the dark web, and said the company’s conduct “had the capacity to deceive a substantial number of Washington consumers.”

When reached by TechCrunch prior to publication, T-Mobile did not provide comment at press time. In a statement provided by T-Mobile spokesperson Michelle Jacob after this story posted, the company said the lawsuit came as a “surprise.”

“While we disagree with their approach and the filing’s claims, we are open to further dialogue and welcome the opportunity to resolve this issue, as we have already done with the FCC,” the statement said.

Updated with comment from T-Mobile.