T-Mobile settles for $31.5m with FCC over data breaches

T-Mobile has agreed to a $31.5m settlement with the FCC following a series of data breaches that exposed the personal information of numerous US consumers.

According to Bleeping Computer, this resolution marks the end of the FCC Enforcement Bureau’s investigation into T-Mobile’s cybersecurity lapses during 2021, 2022, and 2023, including an API incident and a sales application breach.

Under the terms of the settlement, T-Mobile is required to allocate $15.75m towards substantial enhancements in their cybersecurity infrastructure and pay an additional $15.75m as a civil penalty to the U.S. Treasury. The company has pledged to implement state-of-the-art security measures such as zero-trust architecture and multi-factor authentication to counteract phishing attacks and bolster overall security.

FCC Chairwoman Jessica Rosenworcel commented on the importance of protecting consumer data against increasing cyber threats. “Today’s mobile networks are top targets for cybercriminals. Consumers’ data is too important and much too sensitive to receive anything less than the best cybersecurity protections,” she said. Rosenworcel emphasized the ongoing commitment of the FCC to ensure that telecom providers who handle sensitive information improve their cybersecurity practices or face consequences.

Further actions by T-Mobile will include regular cybersecurity updates to their board of directors through their Chief Information Security Officer, and the adoption of comprehensive data management strategies that minimize data collection and retention. The company will also undergo independent third-party audits of their security practices to ensure compliance and improvement.

This settlement aligns with the FCC’s broader strategy to tighten cybersecurity regulations within the telecommunications sector, highlighted by the significant roles played by its Privacy and Data Protection Task Force. Earlier penalties issued by the FCC include a $13m settlement with AT&T and a $16m penalty for Verizon’s subsidiary TracFone Wireless, reflecting the FCC’s proactive stance on privacy and data security.

Copyright © 2024 RegTech Analyst

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.