T-Mobile agreed to create a $350 million fund and spend an additional $150 million on improving its data security to settle a class-action lawsuit related to a 2021 hack that exposed the personal information of more than 76 million customers.

T-Mobile acknowledged in August 2021 a hacker accessed its records and stole personal information on more than 7.8 million existing customers, 40 million former or prospective customers, and 850,000 prepaid customers. At the time, Chief Executive Mike Sievert said the telecommunications company was “humbled” by the incident—at least its fifth (and largest) breach in the last four years. Sievert pledged to take the company’s security efforts to the next level.

In November 2021, T-Mobile disclosed to the Securities and Exchange Commission it found an additional 26 million customers whose names, dates of birth, and addresses had been compromised by the hack, bringing the total of affected customer records to 76.6 million, according to the settlement.

In the settlement, filed Friday with the U.S. District Court for the Western District of Missouri, T-Mobile said it did not agree with the claims made by the plaintiffs, all victims of the data breach. But it agreed to the terms laid out in the motion.

Those terms included reimbursing affected customers up to $25,000 in out-of-pocket expenses related to the breach or making an alternative cash payment of $25 to $100. Affected customers will also be eligible to receive a free two-year subscription for identity theft prevention and monitoring from the Pango Group.

In a statement issued Friday, T-Mobile said it has taken a number of steps to enhance its cybersecurity program, including:

  • Hiring more experienced cybersecurity professionals;
  • “Engaging in long-term collaborations with industry experts Mandiant, Accenture, and KPMG to design strategies and execute plans to further transform our cybersecurity program”;
  • Investing in cybersecurity tools and capabilities; and
  • Conducting nearly 900,000 training sessions for employees and partners.

“Customers are first in everything we do and protecting their information is a top priority. Like every company, we are not immune to these criminal attacks,” T-Mobile said. “… As we continue to invest time, energy, and resources in addressing this challenge, we are pleased to have resolved this consumer class action filing.”