T-Mobile Data Breach - "Malicious Attack" Against T-Mobile E-Mail Vendor

T-Mobile Data Breach – “Malicious Attack” Against T-Mobile E-Mail Vendor

T-Mobile Customer “Notice of Data Breach” – “Malicious Attack” Against T-Mobile’s E-Mail Vendor That Allowed Unauthorized Access to Certain T-Mobile Employee E-Mail Accounts Containing Certain T-Mobile Customer and Employee Account Information

Kehoe Law Firm, P.C. is making consumers aware that on March 5, 2020, Tripwire.com reported (“T-Mobile Says Security Incident Might Have Exposed Customers’ Data“) that “[m]obile telecommunications company T-Mobile disclosed a data security incident that might have exposed the account information of some of its customers.” According to Tripwire.com:

T-Mobile’s Cybersecurity team learned of the incident when it discovered an attack against its email vendor. The team responded by shutting down the attack and launching an investigation into what happened.

This effort revealed that malicious actors had used the attack to access certain T-Mobile employees’ email accounts. At the time of compromise, those accounts had contained the account information of T-mobile customers and employees including their names and addresses, phone numbers, account numbers, and billing information, among other details.

According to T-Mobile’s “Notice of Data Breach,” as reported by Tripwire.com:

[T-Mobile’s] Cybersecurity team recently identified and shut down a malicious attack against [its] email vendor that led to unauthorized access to certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees. An investigation was immediately commenced, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was affected. [T-Mobile] immediately reported this matter to federal law enforcement and are actively cooperating in their investigation.

The information accessed may have included customer names and addresses, phone numbers, account numbers, rate plans and features, and billing information. [One’s] financial information (including credit card information) and Social Security number were not impacted. [Emphasis added.]

On March 4, 2020, TmoNews.com reported (“T-Mobile reveals data breach, customer account info accessed“) that “[t]he info accessed during this attack may have included customer names and addresses, phone numbers, account numbers, rate plans and features, and billing information. It appears that some customers are being told that their financial info was not accessed while others may have had their financial account info and Social Security numbers accessed[Emphasis added.]

Tripwire.com also reported that “[n]ews of this incident comes several months after T-Mobile revealed that a security incident might have exposed the personal information of some of its customers. In that incident, digital attackers gained access to some prepaid wireless account holders’ information. This data also did not include affected individuals’ financial information (such as their payment card credentials), passwords or Social Security Numbers.”

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or send an e-mail to [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs.  Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.