In a significant move to bolster its cybersecurity posture, T-Mobile US Inc. (TMUS) has reached a settlement with the Federal Communications Commission (FCC). This settlement involves a commitment by T-Mobile to significantly improve its cybersecurity infrastructure, addressing a series of data breaches that have plagued the company in recent years.
According to the FCC, the agreement entails key future commitments from T-Mobile, including addressing core security vulnerabilities, enhancing cyber hygiene, and implementing modern frameworks such as zero trust and phishing-resistant multi-factor authentication. The telecom giant will also remit $15.75 million in civil penalties to the U.S. Treasury, a move that mirrors its internal cybersecurity investment.
“Consumers’ data is too important and much too sensitive to receive anything less than the best cybersecurity protections. We will continue to send a strong message to providers entrusted with this delicate information that they need to beef up their systems or there will be consequences,” stated FCC chairwoman Jessica Rosenworcel in a release on Monday.
The settlement brings closure to several investigations into T-Mobile’s cybersecurity incidents that occurred in 2021, 2022, and 2023. These breaches, according to the FCC, varied in nature, exploitation, and apparent methods of attack.
In August 2023, T-Mobile paid a $60 million penalty for failing to report unauthorized access to sensitive data, a breach that occurred following its acquisition of Sprint. The company’s cybersecurity failures have resulted in the compromise of millions of customers’ personal data, including social security numbers, addresses, and driver’s license numbers.
This settlement comes at a time when T-Mobile has been facing a series of challenges related to data breaches and network outages. In January 2023, a data breach at T-Mobile put 37 million customers at risk, forcing the company to incur significant expenses to manage the fallout. A month later, T-Mobile experienced a major network outage in the United States, impacting Apple smartphones and forcing them into “SOS” mode.
Despite these setbacks, T-Mobile announced plans earlier this month to raise $2.5 billion through a secondary senior notes offering for general corporate purposes. Meanwhile, on Monday, Verizon Communications (VZ) reported that it had fully resolved a network disruption that affected thousands of U.S. customers. This resolution came just hours after the FCC announced it would investigate the issue. Earlier that day, Downdetector, a website that monitors tech outages, received over 100,000 reports. By 8 p.m. ET, the number had dropped to around 2,500.
Verizon engineers have fully restored today’s network disruption that impacted some customers. Service has returned to normal levels. If you are still having issues, we recommend restarting your device. We know how much people rely on Verizon and apologize for any inconvenience….
The FCC’s settlement with T-Mobile sends a strong message to telecommunications providers: prioritizing cybersecurity and protecting customer data is essential. This commitment to enhanced cybersecurity measures will hopefully help T-Mobile regain the trust of its customers and build a more secure infrastructure for the future.