T-Mobile Strikes $500 Million Settlement For Continued Sloppy Data Practices

from the you're-not-very-good-at-this dept

T-Mobile hasn’t been what you’d call competent when it comes to protecting its customers’ data. The company has been hacked several different times over the last few years, with hackers going so far as to ridicule the company’s lousy security practices.

This week the company finally paid a penalty for its continued lax security and privacy practices in the form of a new $500 million class action settlement. As part of the settlement (in which T-Mobile admits no wrongdoing), T-Mobile has to pay out $350 million to customers and lawyers, with the remaining $150 million going toward shoring up its privacy and security practices.

The company links to a statement claiming that protecting consumer data is “a top priority,” then outlining improvement steps the company would have taken already if that claim had actually been true. Other promises are just kind of vague:

engaging in long-term collaborations with industry experts Mandiant, Accenture, and KPMG to design strategies and execute plans to further transform our cybersecurity program

The press tried to get T-Mobile to clarify on some of this and didn’t receive an answer. The size of the payments consumers will get won’t be determined until we see how many consumers actually apply, though the class action lawyers themselves will be handsomely compensated to be sure.

For reference, this is the hack after which the hacker involved publicly ridiculed T-Mobile’s security as “awful,” highlighting how the company hadn’t implemented basic things like server rate limiting to protect consumer data. T-Mobile has also been caught up in numerous location data and SIM hijacking scandals, several of which resulted in lost cryptocurrency fortunes and even stalking incidents.

Rampant overcollection of consumer data, selling it to any nitwit with a nickel, failing to secure that data, and lying about whether this data was sold is a longstanding tradition in the telecom, adtech, and tech sectors. As is pretending the over-collection of data is no big deal because said data has been “anonymized.” As is clearly communicating with users when their data is compromised.

All stuff that could have been at least moderated somewhat if the U.S. had shaken off corruption to pass a baseline privacy law for the Internet era sometime in the last two decades. But, well, there was money to be made.

Filed Under: , , , , , , ,
Companies: t-mobile

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “T-Mobile Strikes $500 Million Settlement For Continued Sloppy Data Practices”

Subscribe: RSS Leave a comment

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...