T-Mobile Got Hacked and Your Personal Info May Have Been Stolen — Here's What Happened

The short version: In August 2021, hackers broke into T-Mobile's computer systems and stole the personal information of approximately 76.6 million current and former customers. The stolen data included Social Security numbers, driver's license information, full names, and addresses. T-Mobile later agreed to pay $350 million to settle the resulting lawsuits. The claim deadline has now passed, but new data breach cases happen all the time — and you may have options.

What Actually Happened

On August 17, 2021, T-Mobile publicly confirmed that it had suffered a major security breach.^[1] A hacker later claimed responsibility in an online interview, saying he had broken into T-Mobile's servers through an unprotected router that was exposed to the internet. He said it took him about a week to work his way deeper into the company's systems.

What made this breach especially serious wasn't just the size — it was the type of information that was taken. This wasn't just email addresses or usernames. The hackers got into files containing Social Security numbers, driver's license numbers, and other deeply personal information that can be used for identity theft for years.

T-Mobile confirmed that approximately 76.6 million current and former U.S. customers were affected.^[1] That's one of the largest personal data thefts ever reported by a U.S. company at the time.

For many people, that combination of information is more than enough for someone to open new credit accounts, file false tax returns, or take out loans in your name. Identity fraud from data breaches like this can show up months or even years after the breach itself.

Why People Felt T-Mobile Owed Them Something

When you sign up for a phone carrier, you hand over some of the most sensitive information you have. You expect the company to protect it. What the lawsuits argued — and what T-Mobile ultimately agreed to pay to settle — was that T-Mobile failed to take reasonable steps to keep that data secure.^[2]

This wasn't T-Mobile's first major breach, either. The company had experienced several significant security incidents in prior years. The argument in court was that T-Mobile had been warned, had the resources to fix the problems, and still hadn't done enough.^[2]

The $350 Million Settlement

Lawsuits were filed quickly after the breach became public, and they were eventually combined into a single federal case: In re T-Mobile Customer Data Security Breach Litigation, No. 4:21-md-03019-BCW, in the U.S. District Court for the Western District of Missouri.^[3]

T-Mobile agreed to pay $350 million into a settlement fund. The court gave final approval to the settlement in May 2023.^[3] T-Mobile also committed to spending $150 million on security upgrades over two years, though that money did not go to customers.^[4]

T-Mobile did not admit wrongdoing as part of the settlement.

Who Was Eligible and How Claims Worked

The settlement covered current and former T-Mobile customers whose information was exposed in the August 2021 breach. Some customers received automatic payments based on T-Mobile's records; others needed to submit a claim form to receive compensation for out-of-pocket expenses connected to the breach.

People who could show they spent time or money dealing with the breach's aftermath — things like credit monitoring services, identity theft protection, or time spent resolving fraudulent accounts — were eligible for additional reimbursement by submitting a claim with documentation.^[4]

The claim deadline has now passed. If you didn't file a claim, you cannot go back and get money from this particular settlement.

What to Do If You Were Affected

Even if the settlement claim window is closed, the impact of having your Social Security number stolen doesn't go away. Here are steps worth taking if your data was in the T-Mobile breach:

• Freeze your credit at all three bureaus: Equifax, Experian, and TransUnion. A credit freeze is free and prevents new accounts from being opened in your name. You can lift it whenever you need to apply for credit.
• Check your credit reports for accounts or inquiries you don't recognize. You can get free reports at AnnualCreditReport.com.
• Set up fraud alerts. A fraud alert makes it harder for someone to open new accounts in your name and is free to set up.
• Watch for IRS notices. If a thief files a tax return using your Social Security number before you do, you'll get a notice from the IRS. Report it immediately if that happens.
• Talk to a lawyer if you've experienced actual identity theft traced to this or another breach. Depending on the circumstances, you may have separate options.

Why Data Breach Cases Keep Growing

The T-Mobile settlement was one of the largest of its kind, but it is far from the last. Companies across every industry have suffered major breaches in recent years: healthcare providers, banks, retailers, insurance companies, and government agencies. In many of those cases, people affected by the breach had options to participate in settlements or lawsuits.

The problem for most people is timing. The filing window for these cases often opens and closes without most affected people ever hearing about it. The best way to make sure you don't miss a case you qualify for is to have someone looking out for you. That's what the form below is for.

Common Questions

I was a T-Mobile customer in 2021. Can I still get money?

The deadline to file a claim in the T-Mobile settlement has passed. If you did not submit a claim, you cannot recover from this specific settlement. However, if you experienced actual identity theft or financial harm as a result of the breach, you should speak with a lawyer about whether you have separate options.

How do I know if my information was actually stolen?

T-Mobile sent notification letters to customers whose information was confirmed as part of the breach. You can also check breach notification databases like HaveIBeenPwned.com to see if your email address appears in known breaches.

How much did people receive from this settlement?

We do not publish individual payment estimates. The amount each person received depended on the total number of claims and their specific documentation. Payment amounts varied widely.

Did T-Mobile fix the security problems?

As part of the settlement, T-Mobile committed to spending $150 million on data security and technology upgrades through 2023.^[4] Whether that has fully addressed the underlying vulnerabilities is not something we can independently verify.

Are there other T-Mobile cases happening?

T-Mobile has experienced multiple security incidents. Whether any current or future cases apply to your situation depends on timing and the specific breach. Submit the form and we'll notify you if a case comes up that may be relevant.