Summary:
-
Data Breach History
T-Mobile faced three significant data breaches in 2021, 2022, and 2023, compromising millions of customer accounts, prompting the Federal Communications Commission (FCC) to investigate. -
Settlement Conditions
As part of a court settlement, T-Mobile has agreed to enhance its cybersecurity measures, which includes implementing a โmodern zero-trust architectureโ and appointing a Chief Information Security Officer. -
Security Enhancements
The telecom giant will also implement phishing-resistant multifactor authentication, alongside processes for data minimization, inventory, and disposal to limit customer data collection and retention. -
Financial Penalty
T-Mobile is required to pay a $15.75 million penalty and match that amount in investments to fortify its cybersecurity framework and develop a compliance plan to safeguard against future breaches. -
Future Investments Required
The FCCโs consent decree noted that achieving these improvements will necessitate significant investments, potentially exceeding $157.5 million at T-Mobileโs operational scale.
Read more at: CSO Online | CSO Online | CSO Online | FCC Document
!