T-Mobile US fined $31.5M for network security breaches between 2021 and 2023

T-Mobile US has agreed to a $31.5 million settlement with the FCC following a series of data breaches that affected millions of customers between 2021 and 2023. The settlement includes a $15.75 million fine and a commitment to spend an additional $15.75 million on improving cybersecurity over the next two years.

Key points of the settlement include:

  1. Appointing a chief information security officer who will report to the board of directors.
  2. Implementing a zero-trust security framework and network segmentation.
  3. Adopting phishing-resistant multi-factor authentication across networks and systems.
  4. Improving data minimization and disposal processes.
  5. Conducting independent third-party assessments of security practices.

The settlement addresses four major security incidents since 2021, including:

  1. A 2021 breach affecting 76.6 million customers’ data.
  2. A 2022 intrusion into a management platform for MVNO resellers.
  3. Two separate incidents in 2023 involving stolen credentials and an API misconfiguration.

T-Mobile claims to have already addressed these issues and is committed to strengthening its cybersecurity program. The FCC emphasizes the importance of protecting consumer data in mobile networks, which are increasingly targeted by cybercriminals.

This settlement follows the FCC’s recent update to reporting rules, requiring telcos to disclose security breaches within seven days of discovery.
