America's FCC Orders T-Mobile To Deliver Better Cybersecurity

T-Mobile experienced three major data breaches in 2021, 2022, and 2023, according to CSO Online, 'which impacted millions of its customers.'

After a series of investigations by America's Federal Communications Commission, T-Mobile agreed in court to a number of settlement conditions, including moving toward a 'modern zero-trust architecture,' designating a Chief Information Security Office, implementing phishing-resistant multifactor authentication, and adopting data minimization, data inventory, and data disposal processes designed to limit its collection and retention of customer information.

Slashdot reader itwbennett writes: According to a consent decree published on Monday by the U.S. Federal Communications Commission, T-Mobile must pay a $15.75 million penalty and invest an equal amount 'to strengthen its cybersecurity program, and develop and implement a compliance plan to protect consumers against similar data breaches in the future.'

'Implementing these practices will require significant — and long overdue — investments. To do so at T-Mobile's scale will likely require expenditures an order of magnitude greater than the civil penalty here,' the consent decree said.

The article points out that order of magnitude greater than $15.75 million would be $157.5 million...

Read more of this story at Slashdot.