Dive Brief:
- The Federal Communications Commission is proposing changes to bolster data breach regulations for the U.S. telecommunications industry, including faster notification to customers and stronger law enforcement.
- The proposed regulations would cut the seven-business-day waiting period for customer notification, force firms to report inadvertent breaches and require companies to immediately notify the FCC, the FBI and the U.S. Secret Service of a breach.
- "With data breaches increasing in frequency, sophistication and scale, and the consequences for consumers lasting long after leaks of personal information take place, I think it's time for the FCC to modernize and clean up its data breach policies," Rosenworcel said on Twitter Wednesday.
Dive Insight:
The proposed breach reporting regulations follow a series of major breaches in the telecom industry, most notably the August attack against T-Mobile, the nation's second-largest wireless carrier.
During that attack, the records of 7.8 million current postpaid customers and more than 40 million former or prospective customers were accessed. Stolen data included dates of birth, Social Security numbers and driver's license information. Another 5.3 million postpaid customers were impacted, but did not have driver's license and Social Security numbers stolen.
T-Mobile confirmed in December it was hit by a SIM swapping attack, which impacted a much smaller number of customers.
A spokesperson for the FCC said the new breach requirements would better align the agency with recent changes in federal and state breach reporting requirements in other sectors.
The industry is considered highly vulnerable to cyberattacks, in part because wireless and broadband companies have so much information about the personal and financial habits of their customers. The telecom industry was among the most frequently targeted industries by ransomware operators during the second quarter of 2021, according to research by McAfee Enterprise.
"The telecom industry is the backbone of the digital world," Katell Thielemann, Gartner research VP, said via email. "As such, telecom providers are very much high value targets, and also highly vulnerable because of their complex, vast and geographically dispersed technology environment full of IT systems, cyber physical systems and enormously complex supply chains."
Sinclair Broadcast was hit by a high-profile ransomware attack in October that disrupted live broadcasts, and Cox Media Group was hit by a ransomware attack in June. Visible, a prepaid carrier backed by Verizon, also reported a data breach in October. A spokesperson for Verizon said the company was reviewing the proposed regulations and would have no comment at this time. AT&T and T-Mobile were not immediately available for comment.