FCC: T-Mobile Gets $15M Fine, Security Mandates After Data Breaches

The Big Picture: The Federal Communications Commission (FCC) reached a settlement with T-Mobile on the heels of its investigations into several major data breaches that impacted millions of U.S. cell phone customers.

Key Details: 

• As part of the settlement, T-Mobile has committed to making several key security improvements, including adopting measures like network segmentation and MFA, as well as conducting independent third-party assessments of its security practices

• T-Mobile will invest $15.75 million in cybersecurity measures, as required by the settlement, and the company must also pay a $15.75 million civil penalty to the U.S. Treasury

The Background: T-Mobile was hit by breaches in 2021, 2022 and 2023, which impacted millions of current and former customers, as well as millions of end-user customers of T-Mobile resellers. The data wrapped up in these breaches was sensitive, including personal information like customers’ social security numbers and driver’s license numbers.

Why It Matters: The FCC has recently reached settlements with a number of other telecommunications companies due to their failures to protect customer data, including TracFone Wireless in July and AT&T in September. The $15.75 civil penalty for T-Mobile is in line with these other settlements - AT&T faced a $13 million settlement, while TracFone was ordered to pay a $16 million civil penalty. These fines are a drop in the bucket for T-Mobile, which reported $19.77 billion in revenue and $2.92 billion in net income in the second quarter of 2024.

Further Reading:

• Read the FCC’s settlement announcement here

• Read the consent decree here

Image credit: Blogtrepreneur via Flikr