On September 30, 2024, the Federal Communications Commission (FCC) announced a significant settlement with T-Mobile in response to multiple data breach investigations conducted by its Enforcement Bureau. The settlement addresses cybersecurity incidents affecting millions of U.S. consumers and includes a $15.75 million civil penalty to the U.S. Treasury, as well as an equivalent amount allocated for cybersecurity improvements. T-Mobile has committed to implementing crucial security enhancements, such as adopting a zero-trust architecture and phishing-resistant multifactor authentication. FCC Chairwoman Jessica Rosenworcel emphasized the importance of robust cybersecurity measures, stating that mobile networks are prime targets for cybercriminals and underscoring the need for heightened protections for consumer data.
The settlement resolves investigations into breaches from 2021 to 2023, revealing a variety of exploitations and attack methods. Key provisions include enhanced corporate governance measures, ensuring T-Mobile's Chief Information Security Officer regularly reports to the board on cybersecurity issues. The FCC, through its Privacy and Data Protection Task Force, has also secured similar agreements with other major wireless carriers, reinforcing its commitment to improving cybersecurity standards across the telecommunications industry and safeguarding sensitive consumer data against future threats.
