US Reaches $31.5 Million Settlement With T-Mobile Over Data Breaches
T-Mobile will pay a $15.75 million civil penalty and has agreed to spend another $15.75 million over two years to strengthen its cybersecurity program. The FCC said T-Mobile suffered data breaches in 2021, 2022 and 2023 that impacted millions of current, former or prospective T-Mobile customers.
The 2021 breach alone impacted 76.6 million U.S. consumers while a 2023 breach impacted 37 million, the FCC said.
The FCC said T-Mobile, the nation’s third largest wireless carrier with 119.7 million customers, will address “foundational security flaws, work to improve cyber hygiene, and adopt robust modern architectures, like zero trust and phishing-resistant multi-factor authentication.”
“Today’s mobile networks are top targets for cybercriminals,” said FCC Chairwoman Jessica Rosenworcel. “We will continue to send a strong message to providers entrusted with this delicate information that they need to beef up their systems or there will be consequences.”
T-Mobile did not immediately respond to a request for comment.
Earlier this month, the FCC said AT&T had agreed to pay $13 million to resolve an investigation over a data breach of a cloud vendor in January 2023 that impacted 8.9 million AT&T wireless customers.
AT&T disclosed in July a separate massive hacking incident in April that resulted in the illegal downloading of about 109 million customer accounts that is under FCC investigation.
In July, the FCC said Verizon’s TracFone Wireless agreed to pay $16 million over data breaches and implement reforms.
(Reporting by Shepardson; Editing by Leslie Adler)