07/22/22 | Case Update: Settlement Status
On July 22, 2022, Plaintiffs filed a motion for preliminary approval of a proposed $350 million class action settlement with T-Mobile regarding a data breach that T-Mobile announced on August 16, 2021. If approved by the Court, the settlement would resolve all claims asserted in In re: T-Mobile Customer Data Security Breach Litigation. If the settlement is granted approval, a settlement administrator will be appointed to provide notice to members of the settlement class and to oversee distribution of settlement funds and services to class members.

For more information and to submit a claim, visit the settlement website at www.t-mobilesettlement.com.

Was your personal information exposed in T-Mobile’s 2021 data breach?

You may be entitled to compensation for T-Mobile’s failure to adequately protect your sensitive information from hackers and identity thieves. Fill out the form to find out your rights »

Case Status
Practice Areas
Data Breach/Identity Theft and Privacy
U.S. District Court Western District of Missouri
Judge Assigned
Hon. Brian C. Wimes
Case Number
T-Mobile USA, Inc.
File Date


The 2021 T-Mobile data breach affected 7.8 million current subscribers, as well as 40 million people who had applied for credit with T-Mobile, on or before Aug. 19, 2021.

You may be affected if you are a current, former or prospective T-Mobile customer. Victims of the data breach were notified by the company on Aug. 19, 2021.


T-Mobile has revealed to the public that stolen data includes full names, birthdates, social security numbers and driver’s license information of at least 7.8 million current T-Mobile customers and accessed the records of 40 million people who had previously applied for credit with T-Mobile.

T-Mobile also reported that approximately 850,000 active T-Mobile prepaid customers names, phone numbers and PIN numbers were exposed, as well as up to 52,000 names of customers related to current Metro by T-Mobile accounts.


According to an interview, the hacker carried out the data breach on or around Aug. 14, 2021, using “a simple tool available to the public” and was easily able to obtain and steal this sensitive information. Reports state that T-Mobile left an unprotected router exposed, allowing the cybercriminal to conduct T-Mobile’s fifth data breach in the past four years.

Due to T-Mobile’s lax data security, the anonymous hacker was able to illegally compromise various T-Mobile databases and gain access to highly sensitive information of current, former and prospective customers. On Aug. 15, 2021, the hacker posted for sale a collection of highly sensitive personal information containing 30 million social security numbers and drivers’ license information stolen from T-Mobile’s servers. The hacker also claimed to have additional personal data related to more than 100 million T-Mobile customers.

According to reports, a security and risk analyst at Forrester Research describes T-Mobile’s July 2021 data breach as “the worst breach they’ve had so far.” In an interview with The Wall Street Journal, the hacker of the attack in July 2021 said that T-Mobile’s data security is “awful.”


T-Mobile customers whose data was stolen in the 2021 T-Mobile data breach must now take steps to protect themselves and mitigate the damages caused by the data breach. According to reports, identity theft is the most common consequence of a data breach and occurs to about 65% of data breach victims. Consumers lost more than $56 billion to identity theft and fraud in 2020 alone, and over 75% of identity theft victims reported emotional distress.

Because T-Mobile did not protect its data properly, victims of the July 2021 T-Mobile data breach will be forced to take all steps possible to mitigate damages caused by the breach. Those whose data was compromised will likely face out-of-pocket costs for obtaining credit reports, credit freezes, credit monitoring services and other protective measures to deter and detect identity theft.


T-Mobile promised customers privacy and protection, yet millions of customers’ personal information was compromised and posted for sale online, putting them at high risk for identity theft and ongoing fear of financial and personal anguish. Hagens Berman believes that consumers deserve swift and just action from T-Mobile’s negligence in letting its customers’ data be stolen. The lawsuit brings claims of negligence and violations of state consumer protection laws and seeks to secure financial relief for the millions of consumers impacted by the breach. The lawsuit also seeks to demand T-Mobile works harder to ensure the protection of their customer’s personal data.


Hagens Berman is one of the most successful litigation law firms in the U.S. and has achieved more than $320 billion in settlements against some of the nation's largest conglomerates. Hagens Berman is currently pursuing a similar case against Capital One for a 2019 data breach that affected over 100 million people.

Our legal team includes attorneys skilled in the area of data breach and security, including a former federal cyber-prosecutor and member of the Cyber and Intellectual Property Crimes Section in Los Angeles.


There is no cost or fee whatsoever involved in joining this action. In the event Hagens Berman or any other firm obtains a settlement that provides benefits to class members, the court will decide a reasonable fee to be awarded to the class's legal team. In no case will any class member ever be asked to pay any out-of-pocket sum.


Complaint filed
Media Images

Hagens Berman purchases advertisements on search engines, social media sites and other websites. Transmission of the information contained or available through this website is not intended to create, and receipt does not constitute, an attorney-client relationship. If you seek legal advice or representation by Hagens Berman, you must first enter a formal agreement. All information contained in any transmission is confidential and Hagens Berman agrees to protect information against unauthorized use, publication or disclosure. This site is regulated by the Washington Rules of Professional Conduct.