T-Mobile (NASDAQ: TMUS) has reached a $31.5 million settlement with the Federal Communications Commission (FCC) following a series of data breaches between 2021 and 2023 that compromised the personal information of millions of U.S. consumers.
These incidents compromised details such as Social Security numbers, driver’s license information, and other personal identifiers, sparking an in-depth investigation by the FCC’s Enforcement Bureau into T-Mobile’s cybersecurity practices.
The telecom giant will allocate $15.75 million of this fine toward improving its cybersecurity infrastructure and pay an additional $15.75 million as a civil penalty to the U.S. Treasury. T-Mobile is also required to implement modern security frameworks including zero-trust architecture and multi-factor authentication.
FCC Chairwoman Jessica Rosenworcel emphasized the growing risks to mobile networks, highlighting the need for stronger cybersecurity measures to safeguard consumer data. The settlement with T-Mobile follows similar actions against major telecom providers, marking the FCC’s ongoing effort to hold companies accountable for protecting sensitive information.
Why It Matters: T-Mobile’s settlement comes at a time when telecom companies are facing growing pressure to tackle data privacy and cybersecurity concerns. With the rise in cyberattacks on mobile networks, the FCC has been keeping a close eye on how these providers manage sensitive customer information. Millions of people rely on telecom companies to safeguard their personal data, making it more important than ever for companies like T-Mobile to step up their efforts to protect against cyber threats.
- FCC Enforcement and Settlement: The FCC investigated several data breaches at T-Mobile spanning 2021 to 2023, which exposed customer details such as names, addresses, Social Security numbers, and subscription information. As part of the settlement, T-Mobile will pay $31.5 million, with half dedicated to cybersecurity improvements.
- Cybersecurity Overhaul: T-Mobile is required to adopt stringent security measures, including zero-trust architecture, multi-factor authentication to combat phishing risks, and enhanced data minimization protocols. The company must also improve its cybersecurity governance with regular board oversight.
- Previous Breaches and Fines: This settlement follows a series of actions taken by the FCC, including an $80 million fine against T-Mobile in April 2024 for sharing real-time location data without consumer consent. The FCC has fined major wireless carriers nearly $200 million for similar privacy violations.
- Industry-Wide Scrutiny: The FCC’s continued focus on telecom cybersecurity breaches has resulted in settlements with other major players like AT&T and Verizon. The agency has updated breach reporting rules, requiring companies to disclose incidents affecting personally identifiable information within 30 days.
Go Deeper -> T-Mobile Pays $31.5 Million FCC Settlement Over 4 Data Breaches – Bleeping Computer
T-Mobile Agrees to Pay $31.5 Million to Resolve FCC Data Breach Charges – The Record