By David Shepardson
WASHINGTON (Reuters) -T-Mobile has reached a $31.5 million settlement to resolve a probe by the Federal Communications Commission into significant data breaches over three years that impacted tens of millions of U.S. consumers, the agency said on Monday.
T-Mobile will pay a $15.75 million civil penalty and has agreed to spend another $15.75 million over two years to strengthen its cybersecurity program. The FCC said T-Mobile suffered data breaches in 2021, 2022 and 2023 that impacted millions of current, former or prospective T-Mobile customers.
The 2021 breach alone impacted 76.6 million U.S. consumers while a 2023 breach impacted 37 million, the FCC said.
The FCC said T-Mobile, the nation’s third largest wireless carrier with 119.7 million customers, will address “foundational security flaws, work to improve cyber hygiene, and adopt robust modern architectures, like zero trust and phishing-resistant multi-factor authentication.”
“Today’s mobile networks are top targets for cybercriminals,” said FCC Chairwoman Jessica Rosenworcel. “We will continue to send a strong message to providers entrusted with this delicate information that they need to beef up their systems or there will be consequences.”
T-Mobile did not immediately respond to a request for comment.
Earlier this month, the FCC said AT&T (NYSE:) had agreed to pay $13 million to resolve an investigation over a data breach of a cloud vendor in January 2023 that impacted 8.9 million AT&T wireless customers.
AT&T disclosed in July a separate massive hacking incident in April that resulted in the illegal downloading of about 109 million customer accounts that is under FCC investigation.
In July, the FCC said Verizon (NYSE:)’s TracFone Wireless agreed to pay $16 million over data breaches and implement reforms.