U.S. and T-Mobile agree to a $31.5 million data breach settlement
Tshedimoso Makhene Oct 4, 2024 6:19:44 AM
T-Mobile has agreed to a $31.5 million settlement with the FCC in response to data breaches that affected millions of U.S. consumers over a three-year span. As part of the agreement, T-Mobile will enhance its cybersecurity measures amid increasing regulatory scrutiny.
What happened
T-Mobile has reached a $31.5 million settlement with the Federal Communications Commission (FCC) to resolve a series of data breaches that took place over the past three years, impacting tens of millions of U.S. consumers. The settlement includes a $15.75 million civil penalty and an additional $15.75 million investment over two years to bolster the company's cybersecurity infrastructure. These breaches occurred in 2021, 2022, and 2023, with the most significant in 2021 affecting 76.6 million U.S. consumers.
The backstory
In a separate case, the company was fined $60 million by the Committee on Foreign Investment in the United States (CFIUS) for failing to prevent and report unauthorized access to sensitive data in 2020 and 2021. The penalty was tied to violations of a mitigation agreement T-Mobile entered into as part of its $23 billion acquisition of Sprint Corp in 2020. Majority-owned by Germany’s Deutsche Telekom, T-Mobile encountered technical challenges during its post-merger integration with Sprint, leading to lapses in sensitive information handling. Although T-Mobile stated that the issues were swiftly addressed and reported, the unprecedented fine reflects CFIUS’s commitment to rigorous enforcement to deter future violations.
What was said
According to Reuters, FCC Chairwoman Jessica Rosenworcel emphasized the need for mobile networks to enhance their cybersecurity, saying, "Today’s mobile networks are top targets for cybercriminals. We will continue to send a strong message to providers entrusted with this delicate information that they need to beef up their systems or there will be consequences."
T-Mobile responded by reiterating its dedication to protecting customer data. "We take our responsibility to protect our customers’ information very seriously," the company said in a statement. "We have made significant investments in strengthening and advancing our cybersecurity program and will continue to do so."
The bottom line
T-Mobile’s combined penalties of $91.5 million over the last few years underline the heightened expectations for data protection within the telecommunications sector. Both the FCC and CFIUS have sent a clear message: companies must take proactive steps to safeguard sensitive information or risk significant penalties.
FAQs
What is zero trust architecture?
Zero trust is a security model that assumes no user or system inside or outside of an organization’s network is automatically trusted. Instead, users are required to continually verify their identity and authorization to access data or systems.
Why is mobile network security important?
Mobile networks hold vast amounts of sensitive data, making them prime targets for cybercriminals. Weak cybersecurity can lead to breaches that expose personal and financial information, increasing the risk of identity theft, fraud, and other malicious activities.
How does the FCC hold companies accountable for data breaches?
The FCC holds companies accountable by imposing civil penalties, conducting investigations, and requiring companies to enhance their cybersecurity measures to prevent future breaches. This includes imposing fines and pushing for the adoption of secure technologies.
How can I protect my personal data in the event of a data breach?
It’s essential to monitor your credit report, change passwords regularly, enable multi-factor authentication (MFA) on accounts, and stay vigilant for phishing attempts or fraudulent activities related to your personal information.