United States Fines T-Mobile $60 Million for Failing to Prevent Unauthorized Access to Sensitive Customer Data

T-Mobile was fined $60 million by the Committee on Foreign Investment in the US (CFIUS) for negligence surrounding data breaches, reports Reuters. CFIUS penalized T-Mobile for failing to prevent or disclose unauthorized access to sensitive customer data.

When T-Mobile merged with Sprint, it signed a national security agreement with CFIUS, which is what led to the fine earlier this year. T-Mobile is owned by German company Deutsche Telekom, and T-Mobile agreed to protect consumer data as part of the Sprint acquisition. Back in 2021, T-Mobile suffered a major breach that impacted over 100 million of its users, just a year after it acquired Sprint.

CFIUS does not typically name the companies that it fines, but T-Mobile has been called out in an effort to push companies to comply with national security rules associated with acquisitions.In 2024, following an initial Notice of Penalty issued in 2023, CFIUS resolved an enforcement action against T-Mobile US, Inc. ('T-Mobile'), a telecommunications company, resulting in a $60 million penalty. As publicly disclosed by T-Mobile, the company entered into a National Security Agreement ('NSA') with CFIUS in 2018 in connection with T-Mobile's merger with Sprint and the foreign ownership of the resulting entity. CFIUS determined that between August 2020 and June 2021, in violation of a material provision of the NSA, T-Mobile failed to take appropriate measures to prevent unauthorized access to certain sensitive data and failed to report some incidents of unauthorized access promptly to CFIUS, delaying the Committee's efforts to investigate and mitigate any potential harm. CFIUS concluded that these violations resulted in harm to the national security equities of the United States. T-Mobile has worked with CFIUS to enhance its compliance posture and obligations and has committed to working cooperatively with the U.S. Government to ensure compliance with its obligations going forward.T-Mobile told Reuters that it experienced technical issues when integrating with Sprint, which affected information from 'a small number of law enforcement information requests.' T-Mobile claims to have swiftly dealt with the issue and reported it 'in a timely manner.'

CFIUS said that T-Mobile's lack of timely reporting prevented CFIUS from investigating and mitigating potential harm to U.S. national security.Tag: T-MobileThis article, "United States Fines T-Mobile $60 Million for Failing to Prevent Unauthorized Access to Sensitive Customer Data" first appeared on MacRumors.comDiscuss this article in our forums