Washington State's Attorney General Bob Ferguson has escalated the struggle over consumer privacy and security into the courts, filing a lawsuit against telecommunications giant T-Mobile for what is being termed a "massive data breach." The suit alleges that T-Mobile's lax security protocols compromised the personal data of over 2 million Washington residents, leaving them susceptible to fraud and identity theft, according to the Washington State's Attorney General's Office.
Ferguson's legal action, initiated in King County Superior Court, confirms not only the breach but also a history of alleged negligence by T-Mobile. The company reportedly knew about cybersecurity weaknesses for years and misrepresented to consumers its commitment to protecting their personal data. At the heart of the lawsuit sits an accusation that T-Mobile did not properly notify affected Washingtonians, downplaying the event's severity and cloaking the full extent of the compromised data.
The data breach itself, which surfaced in August 2021 after a hacker infiltrated T-Mobile's internal network, affected 79 million people nationwide. This breach, which started in March of that year and wasn't identified until five months later, was detailed after an anonymous source notified T-Mobile of customer data being sold on the dark web. Personal information exposed included not just names, phone numbers, and addresses, but also Social Security numbers, particularly for 183,406 Washingtonians.
Addressing how T-Mobile communicated—or didn't communicate—Ferguson says via the Attorney General's Office, "This significant data breach was entirely avoidable. T-Mobile had years to fix key vulnerabilities in its cybersecurity systems — and it failed." For their part, T-Mobile sent text messages to affected customers which were criticized for their brevity and lack of essential details.