Via America’s Lawyer: 50 million T-Mobile customers were targeted by a hack that exposed their driver’s licenses and social security numbers. Consumer rights attorney Abbas Kazerounian joins Mike Papantonio to explain how a 21 year-old was behind the data breach, and how the telecom giant has been doing damage control.
Transcript:
*This transcript was generated by a third-party transcription software company, so please excuse any typos.
Mike Papantonio: Consumer data breaches unfortunately happen like clockwork these days. There’s been a massive cyber attack against wireless customers. This time targeting more than tens of millions of T-Mobile users. Consumer rights attorney Abbas Kazerounian joins me now to talk about that. Abbas, first of all, fill us in on the details of this breach. How many, how many of the T-Mobile’s customers were actually affected, Abbas, and how exactly did hackers get, get ahold of this information?
Abbas Kazerounian: Hi, nice to see you again, Mike. So on approximately August 16th, last month, some bad actors, some hackers, if you will, hacked into the networks of T-Mobile and compromised approximately 55 million consumers data points. And the data that we’re talking about includes social security numbers, driver’s licenses, names, date of births and the, if they used a, a pay as you go, they, they also hacked into the pin numbers. And so this data goes all the way back to the 1990s, and it’s a serious issue for T-Mobile and consumers around the country.
Mike Papantonio: Abbas, when did they recognize that they’d been hacked? I mean, this is, this is pretty serious stuff. How long did this go? When did they recognize they’d been hacked?
Abbas Kazerounian: This is actually very troubling, Mike, because it’s reported that T-Mobile didn’t actually realize they had been hacked and that being a serious data breach until, and there’s various reports, some say 24 hours and some say 48 hours after the fact, after the breach had happened only when on Twitter, they realized that this data was on sale on the dark web. So that some bad actors could go buy this data off the dark web from these hackers.
Mike Papantonio: Hmm. So, so what’s, you know, I’m curious, what’s been T-Mobile’s response? I mean, such a ridiculous story. I mean, a company this size allowed this kind of data breach. What’s been T-Mobile’s response to all this, and I can’t even imagine the sort of liability they face. What’s your take on that?
Abbas Kazerounian: Well, I mean, as far as their response, I mean, they’ve obviously done what they pretty much have to do, which is that they’ve offered consumers two years of ID protect, ID theft protection. As far as their liability, they’ve been fairly, kind of, you know, not being very responsive. I’m sure they’ve been advised by their lawyers not to. But as far as the liability goes, Mike, I think, you know, that’s an open-ended question because the state laws differ from every state. But for example, California has statutory damages available of up to $750 per consumer. But what I think is pretty universal is the fact that consumers are entitled to their actual damages. And what that actually means is, you know, if you have to spend time checking your credit reports or calling T-Mobile to see if you were compromised or any time that you lost, or of course in the most egregious way is if your identity actually has been stolen, some bad actors have setups, you know, credit cards or bought, you know, things on your credit. And that’s how you’ve been damaged. You’re entitled to do that. And furthermore, T-Mobile has an arbitration agreement, which I know you have documented and, you know, you know why it’s bad for consumers, you know, oh on your show many, many times. But we can use it as a sword here. What, what’s, the arbitration and the contract with T-Mobile says is that they have to pay the cost of arbitration and if the consumer prevails, which I’m sure most victims will, they’re entitled to all their attorney’s fees. But if T-Mobile wins, they’re not entitled to their attorney’s fees. So that is what’s available to consumers. And that is the only silver lining I see in all of this.
Mike Papantonio: You know, the backstory to me, Abbas, is interesting. This, this kid, John Erin Binns says that the CIA took him prisoner and tortured him and held him prisoner and that this is his payback. And now he’s, now the question is, how much of this has he put on the dark web? Of course the CIA says, no, we don’t know the kid. We didn’t have anything to do with it. But he sued, this Binns has sued the government because he said, look, this is my payback. This is what you did to me. You abducted me, you tortured me. And now, you know what, I’m going to get even. Well tell, the story sounds just so bizarre, but it’s, it appears to be true. He’s brought a lawsuit, when you read the lawsuit, it sounds like it is the absolute truth.
Abbas Kazerounian: Well, I mean, if someone’s brought a lawsuit on his behalf, they have, you know, what we call rule 11 obligations to do a due diligence, to make sure you’re not bringing a sham pleading or, you know, bringing a, you know, a case, you know, I, you know, in, in, in fraud, if you like. However, the CIA is not going to admit to, you know, it’s torture techniques and whether it has or has not been torturing any individuals. So what, you know, we can’t take that with, you know, with a straight face. But what I can tell you is, and, and, you know, I think the most upsetting part for consumers is that they don’t know where their data is. And if it’s on the dark web, it’s there for perpetuity potentially and we don’t know who has it and for how long they have it. And I think it’s that insecurity that, that is so troubling to American consumers.
Mike Papantonio: Abbas, I’m glad you’re working this case. I don’t think there is a better lawyer in America to handle a case like this and I’m glad you’re out there doing that. Thank you for joining us. Okay.
Abbas Kazerounian: Thank you, Mike. I really appreciate you having me.
