T-Mobile Agrees to $31.5 Million Settlement Over Data Breach Allegations

T-Mobile has reached a settlement with the Federal Communications Commission (FCC) to pay $31.5 million following a series of data breaches that exposed sensitive customer information. The deal also requires the telecommunications giant to implement significant upgrades to its cybersecurity measures.

Announced on Monday, the settlement stipulates that half of the funds will be directed towards enhancing T-Mobile’s cybersecurity defences, with the remaining $15.75 million paid as a civil fine to the government. The FCC noted that T-Mobile must adopt advanced security frameworks, including zero trust architecture and multi-factor authentication, to safeguard consumer data.

The breaches in question, occurring in 2021, 2022, and 2023, compromised the personal data of millions of current, former, and prospective T-Mobile customers, as well as those of mobile virtual network operators (MVNOs). Information leaked during these incidents included names, addresses, dates of birth, Social Security numbers, and driver’s licence details.

FCC Chairwoman Jessica Rosenworcel emphasised the importance of stringent data protection in her statement: "Today’s mobile networks are prime targets for cybercriminals. The sensitivity of consumer data demands the highest level of cybersecurity."

This settlement follows a broader crackdown on major telecom companies earlier this year. In April, the FCC fined T-Mobile, Verizon, and AT&T a combined $196 million for allegedly mishandling consumers’ location data and failing to implement adequate security measures. T-Mobile was held responsible for $80 million of that penalty.

T-Mobile’s agreement with the FCC marks a significant step in its efforts to rebuild trust with customers and improve its cybersecurity posture amid growing scrutiny over data protection in the telecom industry.