T-Mobile agrees to pay $350 million as part of a settlement following a huge data breach, according to a Reuters report. The company will also spend $150 million on upgrading its data security to prevent a repeat of such incidents.
The American mobile operator T-Mobile suffered a data breach last year, in which hackers compromised 47 million of its customer's data including personal information. However, this number increased to 76.6 million, and the stolen data was put on sale at hacker forums.
According to the report, people who were affected will be paid $25, unless they live in California, in which case, this will rise to $100. Those who have suffered losses as part of this episode could receive up to $25,000. To further protect people, T-Mobile is giving everyone impacted two years of identity theft protection.
John Binns, a 21-year-old American who had moved to Turkey a few years earlier, took responsibility for the hacking, saying he pierced T-Mobile defenses after finding an unprotected router on the internet, The Wall Street Journal said last August. John Binns was originally identified as the possible culprit by Alon Gal, co-founder of cybercrime intelligence firm Hudson Rock.
According to the Wall Street Journal, he had been searching for gaps in T-Mobile's defenses through its internet addresses and gained access to a data center near East Wenatchee, Washington, where he could explore more than 100 of the company's servers. From there, it took about one week to gain access to the servers that contained the personal data of millions. By August 4, he had stolen millions of files.
Through Telegram, Binns provided evidence to the Wall Street Journal proving he was behind the T-Mobile attack and told reporters that he originally gained access to T-Mobile's network through an unprotected router in July.
While T-Mobile has agreed to pay out to those impacted, it has denied that it did anything wrong – including that it didn’t have sufficient data protection in place. Hopefully, the multi-million dollar investment T-Mobile makes will protect customer data from future attacks. The settlement now needs a judge’s approval, which is expected by December.