T-Mobile has agreed to a $31.5 million data protection and cybersecurity settlement with the FCC, following investigations into data breaches that affected millions of U.S. consumers. The wireless carrier will invest $15.75 million in cybersecurity measures and pay a $15.75 million civil penalty to the U.S. Treasury. The FCC found foundational security flaws in T-Mobile’s network and is requiring the company to improve cyber hygiene and adopt modern security architectures like zero trust and phishing-resistant multi-factor authentication.
The FCC’s Enforcement Bureau opened cybersecurity investigations into T-Mobile in 2021, 2022, and 2023, following breaches that impacted millions of cell phone customers. The nature, exploitations, and methods of attack of these breaches varied, leading to the settlement agreement. FCC Chairwoman Jessica Rosenworcel emphasized the importance of strong cybersecurity protections for consumers’ sensitive data, noting that mobile networks are top targets for cybercriminals. The FCC is sending a clear message to providers that they must enhance their systems to prevent future breaches or face consequences.
T-Mobile stated that it takes its responsibility to protect customer information seriously and has already made significant investments in strengthening and advancing its cybersecurity program. The consent decree is a resolution of incidents from years ago that were promptly addressed. The company remains committed to enhancing its cybersecurity measures in the future. The FCC’s Privacy and Data Protection Task Force, established by Rosenworcel, played a crucial role in the investigation and settlement with T-Mobile, similar to settlements reached with AT&T and Verizon on behalf of TracFone in previous months.
In addition to the recent settlement with the FCC, T-Mobile previously agreed to pay $350 million to settle class-action lawsuits related to a cyberattack in August 2021 that affected 76 million customers. The company has faced significant financial consequences as a result of these data breaches and cyberattacks, highlighting the importance of robust cybersecurity measures. The FCC’s efforts to hold providers accountable and enforce cybersecurity standards are aimed at protecting consumers’ data from future breaches and cyber threats.
Overall, the settlement between T-Mobile and the FCC underscores the importance of cybersecurity in the telecommunications industry. The FCC is working to ensure that wireless carriers implement strong security measures to safeguard consumer data from cyber threats. T-Mobile’s agreement to invest in cybersecurity and pay a civil penalty demonstrates the consequences that companies face for failing to protect customer information. Moving forward, the focus will be on improving cyber hygiene, adopting modern security technologies, and strengthening cybersecurity programs to prevent future data breaches and ensure consumer trust in the industry.
