Anyone who has ever been locked out while attempting too many failed logins in a row has experienced the effectiveness of this defense.T-Mobile is one of the US's largest mobile carriers and is estimated to have more than 100 million customers. By limiting how many requests a server can receive during a given timeframe, it helps prevent resource starvation for normal users and blocks hackers from inundating servers with requests. Rate limiting is a way to stabilize servers from being hit with too many requests at once. ![]() Perhaps most egregious among allegations claiming that T-Mobile did not take basic steps to properly safeguard data was a complaint that the company did not rely on an industry-standard practice for data protection called “rate limiting.” The contradiction suggests that T-Mobile willfully hid details of the data breach from those most vulnerable to identity theft. ![]() In the complaint, customers shared text and email notifications that T-Mobile sent that generalized the data leak and did not caution that a customer’s Social Security number was leaked when it was but when it wasn't, T-Mobile sent different notifications that specifically reassured customers that Social Security numbers were not leaked. Perhaps the most straightforward example of T-Mobile not properly disclosing information about the breach was in its seeming cover-up of hacked accounts where Social Security numbers were leaked. T-Mobile’s data security misstepsĪ lot went wrong for T-Mobile’s data breach to occur, but plaintiffs say the company broke the terms of its own privacy policy by not properly disclosing information about the breach or building proper safeguards to reasonably protect data in the first place. They view their data as forever compromised, and they claim they’ll need to pay for ongoing identity theft protection moving forward, with the “certain, imminent, and ongoing threat of fraud and identity theft” always looming. In their complaint, customers say they’ll continue paying for T-Mobile’s weak security choices. In its statement, T-Mobile says it’s “pleased to have resolved this consumer class action filing.”įor T-Mobile customers injured by the data breach, the pain is not expected to ever really end, though. ![]() In the proposed settlement agreement, T-Mobile also said that a toll-free number and website would be set up to answer all remaining questions. At least one law firm set up an email address to field questions from anyone concerned about missing out on the proposed settlement. T-Mobile says everyone whose data has been compromised has been notified already, while lawyers representing people suing T-Mobile have said it’s still possible that more victims will be identified. Right now, nobody knows exactly how big the individual payouts will be, because that figure will depend on the total number of complaints filed if the settlement is reached. The agreement says that T-Mobile will have 10 days to send funds to the settlement administrator to start the process of notifying everybody who has been deemed eligible to file claims. That includes creating a Cybersecurity Transformation Office that directly reports to T-Mobile CEO Mike Sievert collaborating with cybersecurity firms to “further transform our cybersecurity program ” ramping up employee cybersecurity training and investing “hundreds of millions of dollars to enhance our current cybersecurity tools and capabilities.”Īll T-Mobile customer payouts from the proposed settlement will be disbursed through an independent third-party settlement administrator. T-Mobile declined to tell Ars about specific upcoming plans to improve data security, instead linking to a statement that outlines measures it has taken to “double down” on security in the past year. Now, T-Mobile has admitted no guilt but has agreed to pay a $500 million settlement (pending a judge’s approval), out of which $350 million will go to the settlement fund and “at least $150 million” will go toward enhancing its data security measures through 2023. When T-Mobile compromised the sensitive personal information of more than 76 million current, former, and prospective customers in 2021, plaintiffs involved in a class action lawsuit complained that the company continued profiting off their data while attempting to cover up “one of the largest and most consequential data breaches in US history.” ![]() Tupungato | iStock Editorial / Getty Images Plus reader comments 101
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |