T-Mobile agrees to $350 million settlement over its massive 2021 data breach

Illustration by Alex Castro / The Verge

T-Mobile has agreed to pay $500 million to settle a class-action lawsuit stemming from the hack that it says exposed around 7 million US residents' data. $350 million will be put into a settlement fund to go to lawyers and people who file claims according to the proposed agreement filled on Friday. It will have to spend an additional $150 million on data security and related technology during the next two years.

Social Security numbers, names, addresses, and driver's license information for over 100 million of its customers was for sale. T-Mobile's figure of how many people were impacted continued to rise even though the number was slightly overstated. T-Mobile has had five security breeches in the last four years.

If the proposed settlement agreement is approved by a judge, T-Mobile will have 10 days to put money in the fund to pay for notifying people who are eligible to claim. Some of the carrier's employees and people close to the judges that presided over the case were not included in the settlement. I am eligible to apply for compensation as I was a T-Mobile customer at the time of the hack.

It's difficult to estimate how much each person will get until it's clear how many people will make a claim.

T-Mobile was accused of failing to protect its past, present, and prospective customers' data, not properly notifying people who may have been impacted, and having "insufficient data security." The settlement doesn't constitute an admission of guilt according to T-Mobile. In a filing with the Securities and Exchange Commission, the carrier says that it has the right to end the agreement under certain conditions, but that it expects to have to pay the claims.

Outside of this lawsuit there have been other responses. New rules were proposed by the FCC to improve how companies communicate with their customers.