The FCC Enforcement Bureau's investigation into T-Mobile's cybersecurity failures in 2021, 2022, and 2023—including an API issue and a sales application breach—has come to a close, according to Bleeping Computer.

As per the terms of the settlement, T-Mobile has to pay a civil penalty of $15.75 million to the U.S. Treasury and devote $15.75 million towards significant improvements in their cybersecurity infrastructure. In order to thwart phishing attempts and improve overall security, the business has promised to use cutting-edge security techniques including multi-factor authentication and zero-trust architecture.

Jessica Rosenworcel, the chairwoman of the FCC, made a statement about the significance of safeguarding customer data from evolving cyber threats. “Today’s mobile networks are top targets for cybercriminals. The data of consumers is too valuable and too sensitive to be protected by anything less than the greatest cybersecurity measures, the spokesperson claimed. Rosenworcel underlined the FCC's continued determination to make sure telecom companies handling sensitive data either strengthen their cybersecurity procedures or face penalties.

T-Mobile will also take steps such as appointing a Chief Information Security Officer to provide monthly cybersecurity reports to the board of directors and implementing thorough data management plans that reduce the amount of data collected and retained. In order to guarantee compliance and progress, the organization will also submit its security procedures to independent, outside audits.

The FCC's larger plan to strengthen cybersecurity laws pertaining to the telecom industry is in line with this settlement, as seen by the important responsibilities its Privacy and Data Protection Task Force has played. Previous fines levied by the FCC demonstrate the agency's proactive approach to privacy and data security. These penalties include a $13 million settlement with AT&T and a $16 million penalty for Verizon's subsidiary TracFone Wireless.