Skip to main content

T-Mobile data breaches: Company pays fine and promises to do better

A succession of T-Mobile data breaches saw millions of customers have their personal data exposed. The company has now been fined $15.75M, and has agreed to spend the same amount again on upgrading its security.

The Federal Communications Commission (FCC) says that the combination of fine and promised security enhancements represents a model for future handling of such incidents …

T-Mobile data breaches

The summer of 2021 saw a huge T-Mobile security breach, exposing the personal data from more than 100 million customers. This included sensitive data needed for identity theft, like home address and date of birth. Another breach followed later the same year, along with others in 2022 and 2023.

The company admitted to a further breach in January of this year, impacting 37 million customers. Then yet another one in May, in which social security numbers were compromised.

Carrier fined, and commits to security upgrades

The FCC reached what it calls a “groundbreaking” settlement with T-Mobile in respect of three of these cases.

The Federal Communications Commission today announced a groundbreaking data protection and cybersecurity settlement with T-Mobile to resolve the Enforcement Bureau’s investigations into significant data breaches that impacted millions of U.S. consumers.

To settle the investigations, T-Mobile has agreed to important forward-looking commitments to address foundational security flaws, work to improve cyber hygiene, and adopt robust modern architectures, like zero trust and phishing-resistant multi- factor authentication. The Commission believes that implementation of these commitments, backed by a $15.75 million cybersecurity investment by the company as required by the settlement, will serve as a model for the mobile telecommunications industry.

As part of the settlement, the company will also pay a $15.75 million civil penalty to the U.S. Treasury.

Separately, T-Mobile was recently fined $60M by a less well-known government body for failing to prevent unauthorized access to sensitive data, and for further failing to report the failure.

Other recent security stories:

Photo by NASA on Unsplash

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications