T-Mobile was fined $60 million for both failing to report and stopping data breaches. . The large fine was imposed by the Committee on Foreign Investment in the United States (CFIUS), and represents the largest such financial penalty ever imposed by the agency. T-Mobile is owned by Germany-based Deutsche Telekom, which is why CFIUS got involved.
These penalties originate from the terms of the 2020 contract T-Mobile bought Sprint. CFIUS imposes certain conditions on the acquisition, including certain conditions related to the protection of consumer information. The committee found that T-Mobile failed to secure data and then breached those terms by reporting unauthorized access to that data. .
The data breaches occurred in 2020 and 2021. T-Mobile attributed the violations to technical issues during its post-merger integration with Sprint. The company says the breaches targeted “information shared from a small number of law enforcement agencies’ data requests.”
It also says data remains with law enforcement even after breaches. T-Mobile claims the breaches were “timely” reported and “resolved promptly.”
CFIUS has become more aggressive with fines and related penalties in recent months. It has issued six large fines in the past year or so, though none have come close to T-Mobile’s $60 million fine. That’s nearly three times the number of sentences he handed down during any other similar period of his existence, from 1975 to 2022.
“The announcement of the $60 million fine underscores the committee’s commitment to strengthening CFIUS enforcement by holding companies accountable when they fail to meet their obligations,” a U.S. official said. Reuters.
