T-Mobile data breach settlement overview:
- Who: T-Mobile agreed to pay $31.5 million to end multiple Federal Communication Commission investigations into data breach incidents from 2021, 2022 and 2023.
- Why: The FCC said its investigation revealed the incidents were “varied in their nature, exploitations, and apparent methods of attack.”
- Where: The T-Mobile data breaches affected millions of consumers nationwide.
T-Mobile has agreed to pay $31.5 million to resolve multiple Federal Communication Commission (FCC) investigations into data breach incidents from 2021, 2022 and 2023 that combined to affect millions of consumers.
The telecom company also promised to address “foundational security flaws,” work to improve “cyber hygiene,” and adopt “robust modern architectures,” such as zero trust and multi-factor authentication that is resistant to phishing.
“Today’s mobile networks are top targets for cybercriminals,” FCC Chair Jessica Rosenworcel said in a statement. “Consumers’ data is too important and much too sensitive to receive anything less than the best cybersecurity protections.”
The FCC said the investigations unearthed evidence that the data breach incidents were “varied in their nature, exploitations, and apparent methods of attack.”
The T-Mobile settlement includes several enforceable commitments by T-Mobile, including corporate governance, modern zero-trust architecture and “robust” identity and access management, according to the FCC.
“T-Mobile has committed to broad adoption of multi-factor authentication methods within its network. This is a critical step in securing critical infrastructure, such as our telecommunications networks,” the FCC said in its statement.
T-Mobile settlement funds to go toward civil penalty, upgraded cybersecurity, compliance plan
The T-Mobile settlement funds will be split down the middle, with $15.75 million allocated towards a civil penalty and $15.75 million going towards cybersecurity improvements and a compliance plan, according to the FCC.
In total, the FCC has fined T-Mobile, AT&T, Sprint and Verizon a combined $195 million as the result of investigations into the telecom companies selling of user location data, reports Law360.
Under Rosenworcel, the FCC established the Privacy and Data Protection Task Force in 2023 as a way to focus on rulemaking, enforcement and public awareness needs in the privacy and data protection sectors, according to the agency.
The agency said the task force has helped lead to similar consumer privacy upgrades with “all of the largest wireless carriers,” including T-Mobile, AT&T and Verizon.
A group of consumers filed a class action lawsuit against T-Mobile in July over claims it violated its guarantee that certain wireless cell phone service plans had rates that were guaranteed to last for life.
Were you affected by a T-Mobile data breach? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
2 thoughts on$31.5M T-Mobile settlement resolves FCC data breach investigations
I feel I was affected by T-mobile’s data breach. Along with the increase in rates that I was not aware of.
I am a T-mobile customer and probably was affected by this data breach