T-Mobile’s data breach leads to record-breaking fine

3 months ago 35
T Mobile logo on smartphone (2)

Edgar Cervantes / Android Authority

TL;DR

  • The Committee on Foreign Investment in the US (CFIUS) recently fined T-Mobile a whopping $60 million.
  • This is the largest penalty ever imposed by the committee.
  • T-Mobile acknowledged the issue but explained that it was reported and addressed quickly.

The Committee on Foreign Investment in the US (CFIUS) recently fined T-Mobile a whopping $60 million. So far, this has been the committee’s largest penalty ever, and it was levied because the carrier failed to “prevent and report unauthorized access to sensitive data.”

According to Reuters, the penalty was imposed because T-Mobile violated the terms of a mitigation agreement it had entered into with the CFIUS as part of its acquisition of Sprint in 2020. Officials noted that the unauthorized access to sensitive data happened following the acquisition, in particular during 2020 and 2021.

In its statement, T-Mobile seemed to acknowledge the issue but explained that the unauthorized access to data occurred due to technical issues during its post-acquisition integration with Sprint. The carrier revealed that the breach involved “information shared from a small number of law enforcement information requests,” but noted that the data was always contained within the law enforcement community. Additionally, T-Mobile also emphasized that the issue was reported and addressed quickly.

While this is the CFIUS’ largest penalty to date, the committee likely did so to emphasize its aggressive stance on enforcing compliance going forward. In this case, the CFIUS has jurisdiction over T-Mobile because the carrier is primarily owned by Deutsche Telekom, a German entity. Since the committee was set up to oversee the national security implications of foreign business investments in the US, the CFIUS is within its rights to take action against companies for breaching the terms of their agreements, as it has with T-Mobile.

That said, it is unusual for the CFIUS to issue a penalty of this size. However, it’s worth noting that the committee has been doubling down on its attempts to prevent future violations. Given this, in the last 18 months alone, the CFIUS issued six penalties, ranging from $100,000 to $60 million.

Got a tip? Talk to us! Email our staff at [email protected]. You can stay anonymous or get credit for the info, it's your choice.

Read Entire Article