T-Mobile

In 2021, T-Mobile suffered a major **data breach** exposing sensitive personal information of millions of customers. The Washington Attorney General opposed T-Mobile’s motion to dismiss legal claims, arguing that the company misled consumers by falsely assuring robust data protection measures while failing to comply with Washington’s **data breach notice law**. The breach compromised customer data, including personally identifiable information (PII), eroding trust and potentially exposing affected individuals to fraud, identity theft, or financial harm. The case highlights T-Mobile’s alleged negligence in safeguarding user data and its inadequate response in notifying impacted parties as required by law. Legal proceedings emphasize the discrepancy between T-Mobile’s public commitments and its actual cybersecurity practices, reinforcing regulatory scrutiny over corporate accountability in data protection.

Source: https://www.mlex.com/mlex/data-privacy-security/articles/2386198/washington-ag-defends-claims-against-t-mobile-in-case-over-data-breach

TPRM report: https://www.rankiteo.com/company/t-mobile

"id": "t-m2402224101125",
"linkid": "t-mobile",
"type": "Breach",
"date": "6/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Telecommunications',
                        'location': 'United States',
                        'name': 'T-Mobile',
                        'size': 'Large',
                        'type': 'Corporation'}],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Sensitive Personal '
                                              'Information']},
 'date_publicly_disclosed': '2021',
 'description': 'The Washington Attorney General opposed T-Mobile’s motion to '
                'dismiss claims in a case over a data breach it suffered in '
                '2021. The dispute centers on T-Mobile’s alleged failure to '
                'implement verifiable commitments to protect user data and '
                'non-compliance with Washington’s data breach notice law. The '
                'Attorney General argued that T-Mobile’s assurances were '
                'misleading and did not align with actual practices, '
                'particularly regarding consumer notifications and data '
                'protection measures.',
 'impact': {'brand_reputation_impact': True,
            'data_compromised': True,
            'identity_theft_risk': True,
            'legal_liabilities': True},
 'investigation_status': 'Ongoing (as of October 2025)',
 'post_incident_analysis': {'root_causes': ['Alleged failure to implement '
                                            'verifiable data protection '
                                            'commitments',
                                            'Non-compliance with data breach '
                                            'notification laws']},
 'references': [{'date_accessed': '2025-10-10', 'source': 'MLex'}],
 'regulatory_compliance': {'legal_actions': ['Opposition to T-Mobile’s motion '
                                             'to dismiss claims by Washington '
                                             'Attorney General'],
                           'regulations_violated': ['Washington Data Breach '
                                                    'Notice Law']},
 'title': 'T-Mobile 2021 Data Breach Regulatory Dispute',
 'type': 'Data Breach'}