The US Federal Communications Commission (FCC) hit T-Mobile US with a $15.7 million penalty to end investigations into multiple data breaches, while also ordering it to spend an additional $15.7 million to beef up cybersecurity measures.
The mobile operator agreed to the fine and the investment to resolve cybersecurity breach investigations in 2021, 2022 and 2023.
The FCC is requiring T-Mobile “to address foundational security flaws, work to improve cyber hygiene, and adopt robust modern architectures, like zero trust and phishing-resistant multi-factor authentication”.
“Today’s mobile networks are top targets for cybercriminals,” FCC chair Jessica Rosenworcel stated. “Consumers’ data is too important and much too sensitive to receive anything less than the best cybersecurity protections.”
Those cybersecurity incidents impacted millions of current, former and prospective T-Mobile customers as well as MVNO subscribers, according to the FCC.
Information exposed in the breaches included customers’ names, addresses, dates of birth, social security numbers and driver’s licence numbers as well as tariff information.
A representative for T-Mobile told Mobile World Live the FCC’s settlement is a resolution of incidents that occurred years ago and were immediately addressed.
“We have made significant investments in strengthening and advancing our cybersecurity program and will continue to do so”.
In April, the FCC announced it was collectively fining AT&T, T-Mobile and Verizon nearly $200 million for illegally selling subscribers’ real-time locations to third-party distributors without their consent.
It reached a $13 million settlement with AT&T earlier this month to resolve an investigation over a data breach of a cloud vendor in 2023.
Comments