T – Mobile ordered to pay $31.5 million for data breach

October 7, 2024 |

In the United States of America the regulators can force very heavy penalties for data breaches. The Federal Trade Commission (“FTC”), the Securities Exchange Commission (“SEC”) and the Federal Communications Commission (“FCC”) all have some jurisdiction relating to data security and bringing a complaint over data breaches. The most recent instance of the regulator taking action is T – Mobile has settled a claim by the FCC for cyber security data breaches as reported by Geekwire in T-Mobile to pay $31.5M in settlement with FCC over cybersecurity data breaches and US reaches $31.5 million settlement with T-Mobile over data breaches. This is on the back of a settlement in September  between the FCC and AT & T relating to a data breach in January 23 for the sum of US $13 million, as reported by Reuters.

The Geekwire article provides:

T-Mobile will pay $31.5 million in a data protection and cybersecurity settlement with the Federal Communications Commission, resolving investigations into data breaches that impacted millions of U.S. consumers, the agency announced Monday.

According to an FCC news release, T-Mobile has agreed to address “foundational security flaws, work to improve cyber hygiene, and adopt robust modern architectures, like zero trust and phishing-resistant multi-factor authentication.”

The Bellevue, Wash.-based wireless carrier will invest $15.75 million in cybersecurity, in what the FCC calls “a model for the mobile telecommunications industry.” The settlement also includes a $15.75 million civil penalty which T-Mobile must pay to the U.S. Treasury.

The FCC’s Enforcement Bureau opened cybersecurity investigations involving T-Mobile in 2021, 2022, and 2023. The breaches affected millions of cell phone customers and were varied in nature, exploitations, and apparent methods of attack, according to the settlement.

“Today’s mobile networks are top targets for cybercriminals,” FCC Chairwoman Jessica Rosenworcel said in a statement. “Consumers’ data is too important and much too sensitive to receive anything less than the best cybersecurity protections. We will continue to send a strong message to providers entrusted with this delicate information that they need to beef up their systems or there will be consequences.”

“We take our responsibility to protect our customers’ information very seriously,” T-Mobile said in an emailed statement to GeekWire. “This consent decree is a resolution of incidents that occurred years ago and were immediately addressed. We have made significant investments in strengthening and advancing our cybersecurity program and will continue to do so.”

The FCC, through its Privacy and Data Protection Task Force established by Rosenworcel last year, was central to the investigation and settlement with T-Mobile. Similar settlements were reached in September with AT&T for $13 million and Verizon on behalf of TracFone for $16 million in July.

In July 2022, T-Mobile paid $350 million to settle class-action lawsuits brought over an August 2021 cyberattack that impacted 76 million customers.

Leave a Reply





Verified by MonsterInsights