Names, driver’s licenses, and even Social Security numbers of more than 80 million T-Mobile customers in the US were compromised in a cyberattack last summer. Now T-Mobile is offering the victims a settlement in a class-action lawsuit stemming from the breach. It’s cold comfort to victims, though — the compensation works out to just over $4 per person.
In a filing with the US Securities and Exchange Commission (SEC), the company said it would pay $350 million to fund customer claims, and pick up the attorneys’ fees and administrative costs of handling the payouts. The mobile carrier also pledged to invest an additional $150 million in cybersecurity through 2023.
Altogether the company said the settlement offer would cost T-Mobile $400 million in the second quarter of 2022. To put that in perspective, T-Mobile’s US revenue for the 12 months ending March 31 was $80.5 billion, a 4.46% increase year-over-year.
The T-Mobile SEC filing added that the settlement doesn’t come with any admission of liability, wrongdoing, or responsibility on the part of the company, and added that T-Mobile expects to receive court approval of the settlement terms by as early as December.
The proposed penalty is in line with similar data breach settlements, like the $190 million settlement Capital One reached for leaking 100 million credit card applications from the US and another 6 million from Canada in a 2019 cyberattack — less than $2 per victim.
As a financial institution, Capital One was also ordered to pay an $80 million fine to Federal Reserve regulators. Both sums are a drop in the bucket for the corporate giant. Capital One’s annual net income for 2021 was $12 billion, a 403.79% increase from 2020.