The Federal Communications Commission announced a major settlement today:
WASHINGTON, September 30, 2024—The Federal Communications Commission today announced a groundbreaking data protection and cybersecurity settlement with T-Mobile to resolve the Enforcement Bureau’s investigations into significant data breaches that impacted millions of U.S. consumers. To settle the investigations, T-Mobile has agreed to important forward-looking commitments to address foundational security flaws, work to improve cyber hygiene, and adopt robust modern architectures, like zero trust and phishing-resistant multifactor authentication. The Commission believes that implementation of these commitments, backed by a $15.75 million cybersecurity investment by the company as required by the settlement, will serve as a model for the mobile telecommunications industry. As part of the settlement, the company will also pay a $15.75 million civil penalty to the U.S. Treasury.
As Bleeping Computer reports, as part of the settlement, T-Mobile agreed to address foundational security flaws, improve cyber hygiene, and adopt robust modern architectures by:
- Providing regular cybersecurity updates through the company’s Chief Information Security Officer to the board of directors to ensure greater oversight and governance,
- Adopting data minimization, data inventory, and data disposal processes to limit the collection and retention of customer information,
- Detecting and tracking critical network assets to prevent misuse or compromise,
- Working toward implementing a modern zero-trust architecture, segmenting its networks to improve security,
- Assessing information security practices through independent third-party audits,
- Adopting multi-factor authentication across company systems to block breach risks linked to leakage, theft, and the sale of stolen credentials.