T-Mobile didn’t expect Washington state’s data breach lawsuit Monday, the carrier said in a statement. In a complaint at the state’s King County Superior Court, Attorney General Bob Ferguson (D) alleged that T-Mobile knew for years about cybersecurity vulnerabilities that led to a 2021 data breach (see 2501060046). A T-Mobile spokesperson acknowledged, “We have had multiple conversations about this incident from 2021 with the Washington AG's office over the last several years and even reached out in late November to continue discussions." As such, "The office’s decision to file a lawsuit … came as a surprise,” the spokesperson added. “While we disagree with their approach and the filing’s claims, we are open to further dialogue and welcome the opportunity to resolve this issue, as we have already done with the FCC.” T-Mobile “fundamentally transformed” its cybersecurity approach during the last four years, the spokesperson said.

TikTok was aware its age restrictions were ineffective and thousands of minors were able to access its Live feed product, an internal investigation for the social media company showed, according to the Utah attorney general's office. The office on Friday announced the release of details that were previously redacted in its complaint filed in June against TikTok.

Delaware’s new privacy law gives the state AG office “important tools to enforce consumers’ data privacy and security,” said AG Kathy Jennings (D) on Monday. The comprehensive privacy law took effect Jan. 1 and will be enforced exclusively by Delaware DOJ’s Fraud and Consumer Protection Division.

T-Mobile knew for years about cybersecurity vulnerabilities that led to a 2021 data breach, alleged Washington Attorney General Bob Ferguson (D) in a lawsuit against the wireless carrier Monday. The AG sought damages and injunctive relief under the state’s consumer protection and data breach notification laws in the state’s King County Superior Court (case 25-2-00308-6). Ferguson said that T-Mobile failed to adequately secure sensitive personal data of about 2 million Washington residents. Also, the company didn’t sufficiently inform customers about the breach, downplaying its severity and not disclosing everything that was compromised, he alleged. Customers received brief text messages about the breach “that omitted critical and legally required information,” said the AG office: And some customers didn’t receive information about social security numbers being exposed. “This significant data breach was entirely avoidable,” Ferguson said. “T-Mobile had years to fix key vulnerabilities in its cybersecurity systems -- and it failed.” The 2021 data breach exposes personal information of about 79 million customers nationwide.