T-Mobile has agreed to pay $31.5 million in a settlement with the Federal Communications Commission related to data protection and cybersecurity breaches that impacted millions of U.S. consumers. The wireless carrier will invest $15.75 million in cybersecurity improvements and pay a civil penalty of the same amount to the U.S. Treasury. The FCC opened investigations into T-Mobile in 2021, 2022, and 2023, leading to this settlement. FCC Chairwoman Jessica Rosenworcel emphasized the importance of strong cybersecurity protections for consumers’ sensitive data.
The settlement with T-Mobile requires the company to address foundational security flaws, improve cyber hygiene, and adopt robust modern architectures such as zero trust and phishing-resistant multi-factor authentication. The FCC praised T-Mobile’s commitment to investing in cybersecurity as a model for the mobile telecommunications industry. T-Mobile stated that it takes its responsibility to protect customer information seriously and has made significant investments in strengthening its cybersecurity program, with plans to continue doing so in the future.
The FCC’s Privacy and Data Protection Task Force, established by Rosenworcel, played a central role in the investigation and settlement with T-Mobile. Similar settlements have been reached with other wireless carriers, with AT&T agreeing to pay $13 million and Verizon on behalf of TracFone agreeing to pay $16 million. In addition to the recent settlement, T-Mobile paid $350 million in July 2022 to settle class-action lawsuits related to a cyberattack that impacted 76 million customers in August 2021.
The breaches affecting millions of cell phone customers were varied in nature, exploitations, and apparent methods of attack, according to the settlement. Mobile networks have become top targets for cybercriminals, prompting regulatory bodies like the FCC to push for stronger cybersecurity measures from telecommunication providers. T-Mobile’s resolution of the incidents, which occurred years ago and were immediately addressed, highlights the ongoing importance of investing in cybersecurity to protect consumer data.
T-Mobile’s commitment to strengthening and advancing its cybersecurity program is a response to the rising threats posed by cybercriminals targeting mobile networks. The company’s response to the breaches, in addition to the settlement with the FCC, demonstrates a recognition of the need for ongoing improvements in cybersecurity measures. By investing in cybersecurity and adopting modern architectures, T-Mobile aims to enhance its defenses against cyber threats and protect the sensitive information of its customers from future breaches.
The settlement with the FCC serves as a reminder to all telecommunications providers of the importance of implementing robust cybersecurity measures to safeguard consumer data. The FCC’s efforts to hold companies accountable for data breaches and cybersecurity vulnerabilities help to protect consumers and promote a more secure telecommunications industry. Collaborative efforts between regulatory bodies, companies, and consumers are essential in addressing cybersecurity challenges and ensuring the protection of data in an increasingly connected and digital world.