The company’s poor security posture left consumers’ Social Security numbers and other information vulnerable to the breach, alleged plaintiffs Randall and Misty Norris in a complaint filed Thursday in the U.S. District Court for the Western District of Washington.
The plaintiffs, both Alabama residents, argued that the T-Mobile breach puts them at current and future risk of fraud.
“Despite Defendant’s commitment to protecting personal information, T-Mobile failed to prioritize data and cyber security by adopting reasonable data and cyber security measures to prevent and detect the unauthorized access,” the plaintiffs argued.
The company also violated the Washington Consumer Protection Act by failing to put a reasonable notification policy in place, they alleged.
“The failure to notify consumers of the data breach was likely to cause additional harm to consumers, Plaintiffs, and members of the Class as it allowed the theft of additional data to continue unabated, and thereby exacerbated the injuries suffered by Plaintiffs and members of the Class,” they wrote.
The company was hit Aug. 19 with two other lawsuits accusing T-Mobile of failing to safeguard consumer information from the breach.
Causes of Action: Negligence, negligence per se, violation of the Washington Consumer Protection Act, declaratory judgment.
Relief: Class certification, damages, declaratory and injunctive relief, attorneys’ fees.
Potential Class Size: Millions.
Response: T-Mobile didn’t immediately respond to a request for comment.
Attorneys: Connor & Sargent PLLC, Carlson Lynch LLP, Scott+Scott Attorneys At Law LLP, The Finley Firm P.C., Murray Law Firm, and Zimmerman Reed LLP represent the plaintiffs and proposed class.
The case is Norris v. T-Mobile USA Inc., W.D. Wash., No. 2:21-cv-1153, complaint 8/26/21.