T-Mobile Is Settling With the FCC Over Cybersecurity Violations
They’re paying up, too.
T-Mobile has been in hot water for some time now. The company has faced multiple cybersecurity situations in recent years, including in 2021, 2022, and 2023. These events have leaked important data of T-Mobile customers, including social security numbers, home addresses, and even driver’s license numbers.
The company isn’t getting away with a simple, “We’re sorry,” either. In August, T-Mobile had to pay $60 million in fines for not disclosing that sensitive data was improperly accessed, which violated the company’s national security agreement when it acquired Sprint. One month later, the company is paying another $31.5 million: One half of that sum, $15.75 million, is going to the U.S. Treasury as a fine. The other $15.75 million, however, is being apportioned as an investment in the company’s cybersecurity practices.
That $31.5 million isn’t a volunteered donation. It comes as part of a settlement T-Mobile made with the FCC. Loyaan A. Egal, Chief of the Enforcement Bureau and Chair of the Privacy and Data
Protection Task Force, says:
“The wide-ranging terms set forth in today’s settlement are a significant step forward in
protecting the networks that house the sensitive data of millions of customers nationwide…With companies like T-Mobile and other telecom service providers
operating in a space where national security and consumer protection interests overlap, we are
focused on ensuring critical technical changes are made to telecommunications networks to
improve our national cybersecurity posture and help prevent future compromises of
Americans’ sensitive data. We will continue to hold T-Mobile accountable for implementing
these commitments.”
In addition to the fine and the investment in cybersecurity improvements, the FCC says T-Mobile must keep up with the following three tasks:
- The company will routinely update the board on its cybersecurity progress, as well as any known cybersecurity risks to the company.
- T-Mobile will move towards a zero trust architecture, segmenting its networks and requiring more authentication on every level.
- Finally, the company will also employ MFA (multi-factor authentication) throughout its networks.
Share This
