T-Mobile hit with $60M fine over data security violations

CFIUS said T-Mobile has agreed to pay $60 million to settle allegations that the company failed to promptly report instances of unauthorized data access that violated a national security agreement tied to its merger with Sprint.

Jeff Baumgartner, Senior Editor

August 15, 2024

3 Min Read
Padlock being opened against a digital background cybersecurity
(Source: Kiyoshi Takahase Segundo/Alamy Stock Photo)

T-Mobile has agreed to pay $60 million to settle allegations that the company failed to prevent unauthorized access to sensitive data and report those incidents in a timely manner. The incidents related to the fine occurred in 2020 and 2021.

The fine, coming by way of the Committee on Foreign Investment in the US (CFIUS), is the largest penalty ever levied by a panel that reviews deals for potential national security risks, Reuters reported.

Citing US officials, The Wall Street Journal noted that this also marked the first enforcement action taken by CFIUS that publicly named the targeted company. The WSJ said that details of the fine were revealed "as part of an overhaul of CFIUS's website, which went live Wednesday."

Chaired by the US Secretary of the Treasury along with representation from various federal agencies including the Departments of Defense, Commerce and Homeland Security, CFIUS is a US government committee that reviews foreign investments in the US to assess their potential national security implications.

T-Mobile's alleged violations stem from a national security agreement that German-controlled T-Mobile struck with the panel as part of T-Mobile's acquisition of Sprint in 2020. Those national security agreements were necessary due to the foreign ownership of the involved companies – Germany's Deutsche Telekom owns the majority of T-Mobile's US operations while Japan's SoftBank Group owned the majority of Sprint at the time.

T-Mobile told Reuters that the company faced integration-related technical issues following its acquisition with Sprint that affected "information shared from a small number of law enforcement information requests."

"We reported this in a timely manner, and the issue was quickly addressed," T-Mobile said in a statement to The Wall Street Journal, stressing that the data in question never left the law enforcement community. "We are glad to have reached a resolution and look forward to continuing to work cooperatively with the law enforcement community to help keep the country and our customers safe."

Data security issues span the telecom industry

The settlement with CFIUS arrives just over two years after T-Mobile recorded a $400 million charge related to its decision to settle a class action lawsuit over a cyberattack into its systems that occurred in 2021. In 2023, T-Mobile reported that a "bad actor" tapped into its systems to pilfer names, billing addresses, emails, phone numbers and dates of birth from about 37 million customer accounts.

T-Mobile is far from alone when it comes to grappling with cybersecurity issues.

In July, AT&T disclosed that hackers were responsible for illegally downloading data, including call and text records, for almost all of its mobile customers as well as some landline customers. That followed an earlier incident at AT&T that involved the theft of personal information of about 73 million current and former customers.

In June, an extortion group called RansomHub claimed responsibility for an April attack on Frontier Communications that sought to auction up to 5 gigabytes of data tied to about 2 million customers. Others that have been forced to respond to cybersecurity incidents and data breaches in recent months include ComcastDish Network and Verizon.

About the Author

Jeff Baumgartner

Senior Editor, Light Reading

Jeff Baumgartner is a Senior Editor for Light Reading and is responsible for the day-to-day news coverage and analysis of the cable and video sectors. Follow him on X and LinkedIn.

Baumgartner also served as Site Editor for Light Reading Cable from 2007-2013. In between his two stints at Light Reading, he led tech coverage for Multichannel News and was a regular contributor to Broadcasting + Cable. Baumgartner was named to the 2018 class of the Cable TV Pioneers.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like