T-Mobile fined $60 million for failing to stop data breaches

 

T-Mobile fined $60 million for failing to stop data breaches

This is the largest penalty the CFIUS has ever issued.

T-Mobile fined $60 million for failing to stop data breaches | DeviceDaily.com
Unsplash / Mika Baumeister

T-Mobile has been fined $60 million for failing to both report and stop data breaches, as indicated by Bloomberg. The hefty fine was levied by the Committee on Foreign Investment in the US (CFIUS) and represents the largest such financial penalty the organization has ever issued. T-Mobile is owned by Deutsche Telekom, a company based in Germany, which is why CFIUS got involved.

These penalties have their origins in the terms of a 2020 deal in which T-Mobile purchased Sprint. CFIUS put some conditions on the purchase, including some related to protecting consumer data. The Committee found that T-Mobile didn’t comply with these conditions by failing to secure data and then by failing to report unauthorized access to this data, as reported by Reuters.

The data access occurred in 2020 and 2021. T-Mobile has blamed it on technical issues that sprang up during its post-merger integration with Sprint. The company says that this impacted “information shared from a small number of law enforcement information requests.”

It also says that the data stayed within the law enforcement community, even after the unauthorized access of data. T-Mobile claims that these issues were reported “in a timely manner” and that they were “quickly addressed.”

A representative from the company reached out to Engadget and echoed the above sentiment, saying “this was not a data breach, but a technical issue.”

CFIUS has been getting more aggressive in recent months with regard to fines and affiliated penalties. It issued six large penalties in the past year or so, though none get close to the $60 million fine T-Mobile was just hit with. This is approximately three times the number of penalties it has issued during any other similar timeframe throughout its existence, from 1975 until 2022.

“The $60 million penalty announcement highlights the committee’s commitment to ramping up CFIUS enforcement by holding companies accountable when they fail to comply with their obligations,” a US official told Reuters.

Update, August 15 2024, 2:40PM ET: This story has been updated to include a quote by T-Mobile.

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

(13)