T-Mobile has agreed to pay $350 million to settle multiple class-action suits stemming from a data breach disclosed last year affecting tens of millions of people.
In the proposed settlement announced Friday, T-Mobile also agreed to spend an extra $150 million on cybersecurity through the end of 2023. Court documents outlining the proposed agreement were filed in the US District Court for the Western District of Missouri.
More than 76 million US residents affected by the breach will be part of the proposed class, according to a court filing accompanying the settlement agreement. During its initial disclosures surrounding the breach, T-Mobile had said it believed a hacker had stolen information on about 53 million current, former or prospective customers. The company began investigating the breach in August 2021 after Vice reported claims made on an underground online forum offering T-Mobile customer data for sale.
If approved, T-Mobile’s $350 million will go into a fund covering payments to class members, as well as legal and administrative fees.
“Customers are first in everything we do and protecting their information is a top priority,” T-Mobile said in a statement on its website Friday. “Like every company, we are not immune to these criminal attacks. Our efforts to guard against them continue and over the past year we have doubled down on our extensive cybersecurity program.”
The company added it has created a “cybersecurity transformation office” reporting to CEO Mike Sievert and hired cybersecurity firm Mandiant as well as consulting firms Accenture and KPMG “to design strategies and execute plans” to improve its cybersecurity posture.
T-Mobile expects the settlement to be approved in December at the earliest, according to a Securities and Exchange Commission filing, though it cautioned that appeals or other proceedings could result in delays.