What Do Washingtonians Want?
As well as financial damages, the lawsuit is focused upon getting T-Mobile to take a scrupulous look at its cyber-policies to ensure that a breach of this scale can’t happen again.
The lawsuit alleges that the “2021 breach was enabled, in part, when the hacker guessed obvious credentials to gain access to T-Mobile’s internal databases.” These databases contained full names, home addresses, and even Social Security numbers.
While some technical details in the lawsuit are redacted, the lawsuit also alleges that T-Mobile “allowed the connection from the threat actor’s IP address” from outside its network. The hacker was then allowed to test credentials without limit as the company did not have rate-limiting on login attempts.
