T-Mobile violated the CCPA and acted negligently by failing to protect consumer data from a recent data breach that exposed millions of customers’ records, the plaintiffs alleged in their complaints, which were both filed Thursday in the U.S. District Court for the Western District of Washington.
T-Mobile didn’t immediately respond to a request for comment about the lawsuits.
The telecom giant suffered a data breach revealed earlier this month that compromised millions of customers’ names and phone numbers. T-Mobile on Friday identified additional records that had been breached, but said they didn’t contain Social Security numbers or ID information.
Plaintiff Veera Daruwalla, a resident of Kern County, California, alleged she’s already spent hours addressing privacy concerns stemming from the breach, including reviewing financial and credit statements for evidence of unauthorized activity.
T-Mobile violated the CCPA by failing to prevent consumers’ nonencrypted personally identifiable information “from unauthorized access and exfiltration, theft, or disclosure as a result of Defendant’s violations of its duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information,” attorneys representing Daruwalla and the proposed class wrote.
Stephanie Espanoza, plaintiff in a separate class action suit, accused T-Mobile of acting negligently by failing to provide adequate security.
Espanoza, a Los Angeles resident, also accused the company of violating the Washington State Consumer Protection Act by committing unfair acts such as providing poor data security.
Tousley Brain Stephens PLLC, MoginRubin LLP, Stueve Siegel Hanson LLP, and Hausfeld LLP represent Daruwalla and the proposed class in that lawsuit.
The Terrell Marshall Law Group PLLC, Mason Lietz & Klinger LLP, the Consumer Protection Firm, Morgan & Morgan, and the Arnold Law Firm represent Espanoza and the proposed class in that lawsuit.