The Federal Communications Commission (FCC) announced a $31.5 million settlement with T-Mobile over multiple data breaches that compromised the personal information of millions of U.S. consumers.
This agreement resolves the FCC Enforcement Bureau investigations into several cybersecurity incidents and resulting data breaches that impacted T-Mobile's customers in 2021, 2022, and 2023 (an API incident and a sales application breach).
As part of the settlement, the telecom carrier must invest $15.75 million in cybersecurity enhancements and pay the U.S. Treasury an additional $15.75 million civil penalty.
The company has also committed to implementing more robust security measures, including adopting modern cybersecurity frameworks like zero-trust architecture and multi-factor authentication that resists phishing attacks.
"Today's mobile networks are top targets for cybercriminals. Consumers' data is too important and much too sensitive to receive anything less than the best cybersecurity protections," said FCC Chairwoman Jessica Rosenworcel.