A $500 million settlement resolving a class-action suit filed in the wake of a data breach at cellular provider T-Mobile is headed for finalization in a Missouri court early next year.
On July 26, U.S. District Judge Brian C. Wimes gave preliminary approval to the settlement, which calls for T-Mobile to create a $350 million settlement fund and to spend $150 million upgrading its data security. A final approval hearing is set for Jan. 13, 2023, in Kansas City.
In a court filing urging the court to approve the agreement, the plaintiffs’ lawyers, led by Norm Siegel of Stueve Siegel Hanson in Kansas City, said the value of the settlement is second only to the $1.5 billion settlement in 2019 involving a data breach of the credit bureau Equifax, which also featured Siegel.
The filing said the settlement provides “historic direct relief” to consumers and will make the company’s data safer.
“In short, the Settlement Agreement addresses the central allegations of this litigation and achieves the primary relief sought by Plaintiffs,” Siegel wrote.
The T-Mobile breach occurred in 2021 when cybercriminals stole the personally identifiable information of approximately 76.6 million current, former and prospective T-Mobile customers. The information included names, Social Security numbers, driver’s license numbers, phone numbers and the unique technical identifiers for customers’ phones.
The suit alleges the hackers posted in the information on the dark web, subjecting class members to actual and attempted identity theft and fraud. The multidistrict litigation, which combined dozens of claims filed across the country, alleged that T-Mobile was negligent in its handling of customers’ sensitive data and had breached its duty to safeguard it from hackers.
T-Mobile did not admit to any wrongdoing.
“As we continue to invest time, energy, and resources in addressing this challenge, we are pleased to have resolved this consumer class action filing,” the company said in a statement.
If approved, the settlement will allow plaintiffs to be reimbursed for up to $25,000 in out-of-pocket expenses and lost time that is traceable to the T-Mobile data breach. It also allows them to enroll in two years’ worth of identity protection services at no cost and provides restoration services for those facing identity theft.
In addition, the settlement calls for T-Mobile to spend at least $150 million in 2022 and 2023 for or data security and related technology. The improvements aren’t specified, but the company agreed to provide the class’ attorneys with “confirmatory information related to its remediation of the issues directly relevant to the Data Breach.”
The plaintiffs’ filing noted that the settlement in some ways offered a better result than could be achieved through additional litigation, as “requiring a corporation to spend money on data security and making available expensive identity protection services are typically not forms of relief secured through trial.”
In addition to Siegel, the class was represented by Cari Campen Laufenberg of Keller Rohrback in Seattle and James J. Pizzirusso of Hausfeld LLP in Washington, D.C., as well as an executive committee that includes Maureen Brady of McShane & Brady in Kansas City. The agreement calls for a payment of up to 30 percent of the settlement fund in attorneys’ fees, which the judge must approve separately.
The case is In Re: T-Mobile Customer Data Security Breach Litigation, 4:21-md-03019.
RELATED: Kansas City attorney helps to reach ‘historic’ data-breach settlement