By asahifile 
T-Mobile to Pay $16 Million Fine Amid Data Breaches
T-Mobile has agreed to a $15.75 million civil penalty and will enhance its cybersecurity measures following a series of data breaches over three years, affecting millions of customers.
In a recent order by the Federal Communications Commission (FCC), it was revealed that T-Mobile experienced data breaches in 2021, 2022, and 2023, impacting tens of millions of customers, including those of mobile virtual network operators (MVNOs) that use T-Mobile’s infrastructure. The breaches compromised personal information such as names, addresses, dates of birth, Social Security numbers, and driver’s license numbers.
The FCC’s investigation highlighted several infractions by T-Mobile, including failing to protect customer confidentiality and allowing unauthorized access to sensitive information. To resolve these investigations, the company will also invest $15.75 million over the next two years to strengthen its cybersecurity program.
Regarding the penalties, T-Mobile disagreed with the FCC’s accusations but opted for the settlement to prioritize consumer security.
FCC Chairwoman Jessica Rosenworcel emphasized the importance of protecting customer data in mobile networks, which are increasingly targeted by cybercriminals. As part of the settlement, T-Mobile is expected to implement robust security measures, including adopting a zero trust security framework and enhancing its cyber hygiene practices.
T-Mobile’s breaches stem from various incidents, including the notorious 2021 breach where a hacker accessed the network by impersonating a legitimate connection. This compromise exposed sensitive data from 7.8 million current and 40 million former customers.
The consent decree will remain effective for three years, requiring T-Mobile to report on its cybersecurity progress regularly and ensure it upholds stringent security protocols to avoid future breaches.