Delaware’s new privacy law gives the state AG office “important tools to enforce consumers’ data privacy and security,” said AG Kathy Jennings (D) on Monday. The comprehensive privacy law took effect Jan. 1 and will be enforced exclusively by Delaware DOJ’s Fraud and Consumer Protection Division.

T-Mobile knew for years about cybersecurity vulnerabilities that led to a 2021 data breach, alleged Washington Attorney General Bob Ferguson (D) in a lawsuit against the wireless carrier Monday. The AG sought damages and injunctive relief under the state’s consumer protection and data breach notification laws in the state’s King County Superior Court (case 25-2-00308-6). Ferguson said that T-Mobile failed to adequately secure sensitive personal data of about 2 million Washington residents. Also, the company didn’t sufficiently inform customers about the breach, downplaying its severity and not disclosing everything that was compromised, he alleged. Customers received brief text messages about the breach “that omitted critical and legally required information,” said the AG office: And some customers didn’t receive information about social security numbers being exposed. “This significant data breach was entirely avoidable,” Ferguson said. “T-Mobile had years to fix key vulnerabilities in its cybersecurity systems -- and it failed.” The 2021 data breach exposes personal information of about 79 million customers nationwide.