The Federal Communications Commission (FCC) has reached a major settlement with T-Mobile following several data breaches in recent years. Under the agreement, T-Mobile will pay a $15.75 million fine and invest another $15.75 million in strengthening its cybersecurity measures.
As part of the settlement, T-Mobile’s Chief Information Security Officer (CISO) will now regularly report on cybersecurity matters to the company’s board of directors. Additionally, T-Mobile will enhance its security systems and implement multi-factor authentication to prevent unauthorized access.
The FCC’s investigation focused on multiple breaches between 2021 and 2023, including a significant 2021 incident that exposed sensitive customer data such as social security numbers. FCC Chairwoman Jessica Rosenworcel emphasized that mobile networks are frequent targets for cyberattacks and underscored the need for top-level cybersecurity protections.
This settlement also highlights the importance of having both a Chief Information Officer (CIO) and a CISO within a company. The CIO ensures that the company’s technology infrastructure aligns with business goals, while the CISO is responsible for protecting against cyber threats. Together, they play a crucial role in safeguarding data, ensuring compliance with regulations, and maintaining customer trust. In today’s environment of increasing cyber risks, having these roles in place is essential for any business to secure its data and avoid costly breaches.
Additionally, the FCC has implemented new data protection rules, including a requirement for telecom providers to notify authorities within seven business days of discovering a data breach.