T-Mobile will agree to pay millions to the FCC as part of a settlement for multiple data violations.

T-Mobile has reached an agreement with the Federal Communications Commission (FCC) of the United States regarding several security breaches and cyber incidents that occurred between 2021 and 2023. As a result of this agreement, the company will have to pay a multi-million dollar fine and undergoing a significant overhaul of its cybersecurity infrastructure.

The FCC stated that its investigation revealed that the cyberattacks suffered by T-Mobile resulted in data breaches affecting millions of mobile phone users. The tactics employed in these attacks varied, showcasing different exploitation methods.

Specifically, T-Mobile will be required to pay a civil penalty of $15.75 million to the U.S. Treasury. Furthermore, it is mandated to make significant changes to its cybersecurity infrastructure, including transitioning to a zero-trust network architecture (ZTNA). According to the FCC, this is one of the most relevant modifications organizations can implement to enhance their security.

The Chief Information Security Officer (CISO) of the company will also have to provide regular updates to the board on T-Mobile’s cybersecurity posture and business risks. In addition, there will need to be a widespread adoption of robust identity and access management practices, which entails the use of multi-factor authentication (MFA) whenever possible. For the FCC, this is a critical measure to secure the essential infrastructure of the country.

To address these needs and carry out the required transformations, T-Mobile will invest approximately $15.75 million. Loyaan A. Egal, head of the Compliance Office and chair of the Privacy and Data Protection Working Group, emphasized that the broad terms set out in this agreement represent a significant step forward in protecting networks that contain sensitive data from millions of customers nationwide.

Egal stressed the importance of companies like T-Mobile and other telecommunications providers making crucial technical changes to their networks to improve national cybersecurity and prevent future exposures of sensitive data belonging to U.S. citizens. The FCC will continue to monitor T-Mobile's compliance with these commitments.