July 24 (UPI) — T-Mobile on Friday agreed to a $350 million settlement of a class-action lawsuit stemming from the 2021 cyberattack in which data relating to 76 million people was stolen.
The second-largest mobile carrier in the United States also agreed to spend $150 million to increase its data security and related technology through 2023, according to a filing Friday with the Securities and Exchange Commission.
The filing notes that the settlement “contains no admission of liability, wrongdoing or responsibility” by T-Mobile and that its terms “are in line with other settlements” to similar claims.
T-Mobile said in the filing that it expects a full court approval of the settlement as early as December but noted that the approval could be delayed “by appeals or other proceedings.”
The proposed preliminary approval order filed with a U.S. District Court in Missouri states that the class consists of about 76.6 million U.S. residents whose information was compromised by the data breach after the court consolidated several cases.
People affected by the data breach will have 90 days to submit their claim forms, according to the filing.
T-Mobile confirmed in August that hackers stole information relating to past, current and prospective users, including Social Security numbers and driver’s licenses. It was estimated at the time that around 40 million people had been affected by the breach.
In the aftermath of the breach, T-Mobile said it would be offering two years of free identity protection services with McAfee’s ID Theft Protection Service and recommended that all postpaid customers proactively change their PINs.
“Customers are first in everything we do and protecting their information is a top priority. Like every company, we are not immune to these criminal attacks,” the company said in a statement Friday.
“Our efforts to guard against them continue and over the past year we have doubled down on our extensive cybersecurity program to enhance existing programs.”
