FCC Fines T-Mobile $31.5 Million After Carrier Was Hacked 8 Times In 5 Years
from the surely-you've-learned-your-lesson-THIS-time dept
U.S. wireless giant T-Mobile gets hacked a lot. In fact, the company has been hacked eight times in the last five years, with several of the intrusions exposing the sensitive personal data of millions of T-Mobile customers. The last hack, revealed in a 2023 SEC filing, exposed the names, addresses, social security numbers, and other sensitive information of over 37 million T-Mobile subscribers.
It took half a decade, but the FCC has finally taken action, announcing last week that it struck a new settlement with T-Mobile related to the breaches. As part of the deal, T-Mobile has agreed to pay $15.75 million to ramp up its security standards and practices (money it should have already spent on the issue), and another $15.75 million civil penalties to the U.S. Treasury.
“Consumers’ data is too important and much too sensitive to receive anything less than the best cybersecurity protections,” FCC boss Jessica Rosenworcel said in a prepared statement. “We will continue to send a strong message to providers entrusted with this delicate information that they need to beef up their systems or there will be consequences.”
One could argue that a $15.75 million fine years after the fact isn’t quite the deterrent Rosenworcel insists, given T-Mobile’s made untold millions (or billions) of dollars over the last decade playing fast and loose with consumer privacy.
As with so many modern companies, T-Mobile over-collects data then doesn’t take the necessary steps to protect said data. It then lobbies state and federal lawmakers to ensure we don’t shore up U.S. privacy protections (as it did when Republicans gutted the FCC’s fairly modest broadband privacy rules, or when it lobbies to kill new federal privacy laws), and the cycle repeats itself in perpetuity.
T-Mobile has a bit of a history of being sloppy with the vast location data it collects on users, then fighting tooth and nail against whatever slapdash accountability U.S. regulators can feebly muster. T-Mobile recently dramatically expanded the company’s collection of user browsing and app usage data via a new program dubbed “app insights.”
In T-Mobile’s case, its federally-backed quest to erode sector competition and merge with Sprint not only resulted in untold layoffs and an immediate end to all wireless data price competition in the U.S., it also distracted the company from doing a better job on consumer privacy and data security.
So yes, it’s nice to see the FCC take belated action, but it shouldn’t be confused with more serious accountability for T-Mobile or its executives. Nor should anybody confuse occasional fines (which may be reduced if they’re paid at all), with having a real federal privacy law, consistent privacy enforcement, or antitrust reform preventing companies from becoming impossibly unaccountable in the first place.
Filed Under: 5g, broadband, data breach, fcc, hackers, jessica rosenworcel, privacy, privacy law, security, telecom, wireless
Companies: t-mobile
Comments on “FCC Fines T-Mobile $31.5 Million After Carrier Was Hacked 8 Times In 5 Years”
So, I wont be all doom and gloom here, but in 2023, T-Mobile paid 14 billion in dividends to investors. I seriously doubt that this fine will make anyone even get a stern talking to.
Re:
There will be many talks.
In households that have an opportunity to switch providers rather than pay the rate increase imposed to cover this fine and continue with same percentages of profit
It’s cheaper to ignore the FCC and keep doing business as usual than it is to actually secure their systems.
Sure, they are certainly going to straight up after this. /s
Only three orders of magnitude too small
The fine should have been 1000X this, and it should have included the confiscation of all executive compensation for the last five years. Slaps on the wrist like this are actually worse than nothing, because they signal to everyone that they can do anything they want with nothing to worry about. Better not to even bother than to impose a paltry, laughable fine like this.
Their use of un-Security somehow failed them. Who could have guessed?
Pointless
Not even really a slap on the wrist. More of a rounding error finger wag.
You want T-Mobile to take this seriously? Put their Chairman, CEO, and CISO in jail. 30 days will do, to start.
rephrased: FCC Chastises T-mobile with a Feather
from the That Will Teach Them dept.
and surprising to none, T-mobile Users shortly there-after experience a price hike like not seen before.
Why such a paltry fine?
Why does the FCC think this is such a big fine? It’s not even $1 per person who was impacted. A real fine would have been $200 per person given directly to the customer so that they could buy the credit card monitoring of their choice for two years, with an equal amount put towards security upgrades, then an equal amount put towards a fine that goes to the FCC. That’s a punitive fine amount, around $2.2 Billion.
And even that won’t put a dent in T-Mobile’s profits, earning over $40 Billion a year in profit since 2020.
fuck the fcc
if all lobbying was banned t mobile would be slapped with a multi billion dollar fine and be forced to break up. these regimes have more then enough money they dont need to outsource data storage solutions. spending $500 million on in house data solutions would eliminate 99% of data breacges
Re:
“if all lobbying was banned”
What about:
“the right of the people peaceably to assemble, and to petition the Government for a redress of grievances”
What is the difference between lobbying and petitioning?
I doubt congress would be able to make this ‘ban’ of yours work without trashing the first amendment.
Perhaps you meant to say ban bribery? corruption?
Remember when John Boehner was handing out checks prior to a vote?
Less effective than a stern finger wagging
Any fine smaller than what a company gained or saved by violating the regulation or law in question is not a punishment it’s a business expense, no different than ‘requiring’ a company to pay their electric bill.
Fines this size would be a hearty deterrent to smaller companies where that sort of money might account for an entire year’s earnings, but to a company T-Mobile’s size it’s not even a slap on the wrist, and if anything is likely to act as encouragement by demonstrating yet again that breaking the law/regulation is absolutely more profitable than following them even if you get caught.
What the judge should have done is made T-Mobile give all of their customers whose data was hacked a monthly rebate/credit of at least $50 for the next five years, minimum.
That would probably hurt them more than a slap on the wrist fine, as that company would see $30 mil as nothing more than the cost of doing business.
The court ordered settlement does nothing to help the customers whose data was hacked.
You want to get their attention?
Change the law so that instead of fines they face criminal penalties. Put a few C-suite dwellers in prison and they’ll get the message.
So what is T-mobile doing for the consumers whose information was compromised?