T-Mobile has been hit with a $60 million fine for its failure to prevent unauthorized access to sensitive data and for not reporting the breach in a timely manner. The fine, imposed by the Committee on Foreign Investment in the United States (CFIUS), marks the largest penalty the committee has ever issued, according to Reuters.
CFIUS and Its Role in National Security
(Photo : Mika Baumeister from Unsplash)
A $60 million fine was handed to T-Mobile for failing to report unauthorized access to confidential data, resulting in harm to the US national security.
The Committee on Foreign Investment in the US (CFIUS) is tasked with overseeing the national security implications of foreign entities making business investments in the country.
Due to T-Mobile's majority ownership by the German company Deutsche Telekom, CFIUS has jurisdiction over the telecom giant. The committee holds the power to block investments, impose conditions, and levy fines on companies that violate their obligations.
Related Article: T-Mobile Hotspot Data Drain Annoys Users: VPNs and eSIMs Could Be Culprits
T-Mobile's $60M Penalty Explained
As per 9to5Mac, T-Mobile's troubles began when it acquired Sprint in 2020. As part of the merger, CFIUS imposed strict conditions to ensure the protection of sensitive data. However, the committee found that mobile network provider breached these conditions by failing to secure data adequately and subsequently failing to report unauthorized access.
According to U.S. officials, the unauthorized access occurred in 2020 and 2021, during the post-merger integration process. T-Mobile acknowledged that technical issues affected a small number of law enforcement information requests, but stressed that the data never left the law enforcement community and was addressed promptly.
One U.S. official emphasized that the $60 million penalty underscores CFIUS's commitment to enforcing compliance and holding companies accountable. The official added that transparency in enforcement actions serves as a deterrent, encouraging other companies to fulfill their obligations.
The Increasing Power of CFIUS Enforcement
CFIUS has significantly increased the penalties it imposes on companies that fail to meet their obligations. T-Mobile's $60 million fine is a testament to the committee's growing enforcement power. The penalty not only reflects the seriousness of the breach but also serves as a warning to other companies about the importance of safeguarding sensitive data.
No Hacker Was Involved
In an email to PCMag, a T-Mobile spokesperson said that what previously happened was not a "breach or intrusion. There was also no bad actor involved in the incident.
"We experienced technical issues during our post-merger integration with Sprint that affected information shared from a small number of law enforcement information requests out of the hundreds of thousands that we process each year," the representative said.
Back in April, T-Mobile, along with AT&T and Verizon were fined $200 million for unauthorized sharing of user location information to aggregators without consent. However, the carriers denied the accusations thrown to them, according to Tech Times.
Read Also: Ookla Test Reveals T-Mobile Is Still the Fastest, Most Stable Network in the US: What About Verizon?
