T-Mobile will pay FCC millions in settlement over multiple data breaches

(Image credit: T-Mobile)

T-Mobile has settled its case with the US Federal Communications Commission regarding multiple cybersecurity incidents and data breaches between 2021 and 2023.

Under the settlement, the company will pay a multi-million dollar penalty, and will have to significantly revamp its cybersecurity infrastructure.

The FCC said its investigation determined the cyberattacks T-Mobile experienced resulted in data breaches, “which affected millions of cell phone customers, were varied in their nature, exploitations, and apparent methods of attack.” As a result, the company will have to pay a $15.75 million civil penalty to the US Treasury.

Critical step

As part of the ruling, T-Mobile will have to make significant changes to its cybersecurity infrastructure, including moving to a zero-trust network architecture (ZTNA), which the FCC describes as, “one of the most important changes organizations can make to improve their security posture.”

The company's CISO will also have to regularly brief the board regarding T-Mobile’s cybersecurity posture and business risks, and it must also broadly adopt robust identity and access management, which includes multi-factor authentication (MFA) wherever possible.

For the FCC, this is a “critical step in securing critical infrastructure”.

To address these issues, and make the necessary changes, T-Mobile will invest roughly $15.75 million, the announcement adds.

“The wide-ranging terms set forth in today’s settlement are a significant step forward in protecting the networks that house the sensitive data of millions of customers nationwide,” said Loyaan A. Egal, Chief of the Enforcement Bureau and Chair of the Privacy and Data Protection Task Force.

“With companies like T-Mobile and other telecom service providers operating in a space where national security and consumer protection interests overlap, we are focused on ensuring critical technical changes are made to telecommunications networks to improve our national cybersecurity posture and help prevent future compromises of Americans’ sensitive data. We will continue to hold T-Mobile accountable for implementing these commitments.”

More from TechRadar Pro

T-Mobile denies it was hacked, despite hacker claiming to have leaked company data
Here's a list of the best firewalls around today
These are the best endpoint security tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.