Dive Brief:
- The Federal Communications Commission reached a settlement with T-Mobile in connection with multiple data breaches between 2021 and 2023 at the mobile carrier and broadband provider, the agency said Monday.
- In what the FCC describes as a "groundbreaking" settlement, T-Mobile agreed to pay $15.75 million to the U.S. Treasury and make a $15.75 million investment over the next two years to bolster its internal technology. The company agreed to deploy phishing-resistant multifactor authentication across its internal network and adopt a zero trust architecture.
- T-Mobile also agreed to key governance reforms. Its CISO will make regular reports to the board of directors about the company’s cyber posture and business risks linked to cyber.
Dive Insight:
The settlement somewhat raises the bar for how federal agencies attempt to regulate the private sector's management of cyber risk.
The Securities and Exchange Commission has stepped up its enforcement of how publicly traded companies disclose cyber incidents, and the Federal Trade Commission has also cracked down in recent years on how companies manage consumer data.
However, the FCC says this agreement is designed in part to help send a message about how the wireless industry helps manage customer data, and to address cyber risk from a national security perspective.
“With companies like T-Mobile and other telecom service providers operating in a space where national security and consumer protection interests overlap, we are focused on ensuring critical technical changes are made to telecommunications networks to improve our national cybersecurity posture and help prevent future compromises of Americans’ sensitive data,” said Loyaan Egal, chief of the enforcement bureau and chair of the privacy and data protection task force.
T-Mobile in 2022 reached a $500 million class action settlement linked to a 2021 breach involving more than 76 million people. Under that agreement, the company agreed to pay $350 million to the class and make $150 million in data security and cyber investments.
A 2023 breach exposed the personal data of 37 million T-Mobile customers.
The agreement with T-Mobile arrives just after the FCC reached a $13 million settlement with AT&T in September after a third-party data breach exposed the data of 8.9 million customers.
Earlier this year, new rules went into effect for when telecom companies have to report data breaches to regulators, law enforcement and customers.