The FCC’s Enforcement Bureau has entered into a Consent Decree with T-Mobile US, Inc. to resolve an investigation into whether T-Mobile: (1) failed to properly protect customer proprietary information; (2) improperly disclosed or permitted access to individually identifiable customer proprietary network information; (3) failed to take reasonable measures to protect CPNI; (4) engaged in unreasonable privacy, cybersecurity, and vendor management practices; and (5) made misrepresentations to its customers regarding information security practices in connection with data breaches in 2021, 2022, and 2023.
To settle the matter, T-Mobile will pay a civil penalty of $15.75 million and commit to spending another $15.75 million to strengthen its cybersecurity program. T-Mobile will also commit to implementing a compliance plan to protect its customers against similar data breaches in the future.
