A U.S. appeals court has nullified a $78 million legal fee award for plaintiffs’ lawyers who negotiated a $350 million settlement with T-Mobile stemming from a 2021 data breach.
T-Mobile agreed to pay $350 million and spend an additional $150 million to upgrade data security to settle litigation over a cyberattack that compromised information belonging to an estimated 76.6 million people.
On July 29, the court deemed that the award for plaintiff’s lawyers was a “windfall” relative to the attorneys’ efforts.
What Was the T-Mobile Data Breach?
In August 2021, T-Mobile notified its customers that it was the victim of a cyberattack. Investigation revealed that data of more than 76.6 million current and former customers’ information had been compromised during the breach.
The leaked information included customers names, addresses, dates of birth, phone numbers, International Mobile Equipment Identity numbers and International Mobile Subscriber Identity numbers. Some customers also had sensitive information compromised, including their social security numbers and drivers license/ID information and T-Mobile account PINs. T-Mobile alerted all those affected and reset the PIN information for the accounts that had been compromised in the attack.
To help combat ramifications from the cyberattack, T-Mobile created a dedicated webpage for information about the breach, as well as offering two years of free identity protection services, free scam-blocking protection, and additional best practice guides on what to do in the wake of the breach, including help on resetting passwords and PINs.
The telecommunications company still faced a class action lawsuit following the breach for allegedly failing to meet the obligations set out in its privacy policy and protecting its customers’ data. The company agreed to settle, paying $350mn to fund claims submitted by members of the class action lawsuit and agreeing to invest $150mn in its cyber security systems.
Court Ruling On Breach Settlement
The 8th U.S. Circuit Court of Appeals in St. Louis ruled 3-0 that the legal fee for plaintiffs’ lawyers was excessive considering the hours of work the lawyers invested in the consumer privacy case, which T-Mobile agreed to settle in 2022, Reuters reported.
“If we permitted the fee award here to stand, it would mean that counsel could make $7,000 to $9,500 an hour, which we think no reasonable class member would willingly pay to an attorney to help resolve this claim,” Circuit Judge Morris Arnold wrote in the ruling, joined by Chief Circuit Judge Steven Colloton and Circuit Judge Raymond Gruender.
One of the plaintiffs’ attorneys, Brad Wilders, told Reuters that they “look forward to getting the relief in the hands of class members as soon as possible on remand.”
The appeals court acknowledged that the plaintiffs’ lawyers had represented the class well and achieved a significant outcome in a few months.
However, the panel noted, “the case had barely gotten off the ground before it settled, and counsel hadn’t yet invested the time and effort to yield a return like the one the court awarded.”
The panel suggested that reducing the fee amount by half — to about $39 million — would still provide substantial compensation, equating to $3,500 to $4,750 per hour.
The court did not mandate a lower percentage fee in all “megafund” cases exceeding $100 million, but emphasized that fee determinations should consider various case-specific factors.
