T-Mobile US Inc.

proposed paying a group of victims $350 million to settle a class-action lawsuit brought by victims of a 2021 hack of sensitive customer information.

The cellphone carrier said in a securities filing Friday that its proposed settlement would pay for claims from class members, legal fees and administrative costs. The company pledged to spend $150 million for security technology in 2022 and 2023.

The company said Friday it admitted no liability, wrongdoing or responsibility in the proposed settlement, which could win court approval as soon as December. Attorneys for the victims backed the proposal Friday in a court filing.


TMUS -0.53%

acknowledged a security lapse last year after personal information regarding more than 50 million of its current, former and prospective customers was found for sale online. The company later raised its estimate and said about 76.6 million U.S. residents had some sort of records exposed.

A 21-year-old American living in Turkey claimed credit for the intrusion and said the company’s security practices cleared an easy path for the theft of the data, which included Social Security numbers, birth dates and phone-specific identifiers.


TMUS -0.53%

chief executive later apologized for the failure and said the company would improve its data safeguards.

Settling the resulting class-action litigation, which was consolidated in the U.S. Court for the Western District of Missouri, would clear a cloud that has hovered over the telecom company since late last year.

A T-Mobile spokeswoman said the proposed settlement resolves the consumer class-action suits tied to the hack, adding that the company continues to cooperate with regulators who are separately investigating the incident.

The proposal would clear most claims but would still allow victims of “SIM swap” hacks, in which attackers use stolen cellphone identifiers to seize control of a target’s phone line, to seek relief. Hackers have used stolen phone lines to break into personal bank accounts and other sensitive systems that are secured by text-message authentication.

If the court approves the settlement, victims would have 90 days to file a claim detailing out-of-pocket costs and time spent dealing with the data breach. Victims could skip that process and file an alternative claim for $25 per person, or $100 if they live in California.

The company said it expects to post a pretax charge of $400 million in the second quarter related to the settlement. T-Mobile is slated to report financial results from the June period premarket on Wednesday.

The court case is captioned “In re: T-Mobile Customer Data Security Breach Litigation, Case No. 21-md-3019-BCW.”

Write to Drew FitzGerald at andrew.fitzgerald@wsj.com

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Appeared in the July 23, 2022, print edition as ‘T-Mobile to Pay $350 Million To Victims of 2021 Data Leak.’

Leave a Reply

Your email address will not be published. Required fields are marked *