T-Mobile Fined $60M by CFIUS for Data Breach Failings
T-Mobile has been fined $60 million by the Committee on Foreign Investment in the U.S. (CFIUS) for failing to prevent and report unauthorized access to sensitive data. This penalty, the largest ever by CFIUS, is connected to violations of a mitigation agreement following T-Mobile's acquisition of Sprint in 2020.
A powerful U.S. committee that scrutinizes foreign investment for national security risks fined T-Mobile $60 million, its largest penalty ever, for failing to prevent and report unauthorized access to sensitive data, senior U.S. officials said on Wednesday. The penalty imposed by the Committee on Foreign Investment in the U.S. (CFIUS) is tied to violations of a mitigation agreement that German-controlled T-Mobile inked with the panel as part of its $23 billion acquisition of U.S.-based Sprint Corp in 2020.
In the case of T-Mobile, which is majority owned by Deutsche Telekom, the unauthorized access to sensitive data occurred in 2020 and 2021, U.S. officials said. T-Mobile said in a statement that it experienced technical issues during its post-merger integration with Sprint that affected 'information shared from a small number of law enforcement information requests.' It stressed that the data never left the law enforcement community, was reported 'in a timely manner' and was 'quickly addressed.'
The size of the fine, and CFIUS's unprecedented decision to make it public, show the committee is taking a more muscular approach to enforcement as it seeks to deter future violations. 'The $60 million penalty announcement highlights the committee's commitment to ramping up CFIUS enforcement by holding companies accountable when they fail to comply with their obligations,' one of the U.S. officials said, adding that transparency around enforcement actions incentivizes other companies to comply with their obligations.
The committee has issued six penalties in the last 18 months, triple the number it levied between 1975 and 2022, the officials told reporters, noting that penalties range from $100,000 to $60 million. The failure of T-Mobile to report the incidents promptly delayed CFIUS' efforts to investigate and mitigate any potential harm to U.S. national security, they added, without providing further details.
(With inputs from agencies.)
ALSO READ
New Jersey Drone Mystery Sparks National Security Debate
Mystery Drones Spark National Security Debate: Trump's Call to Action
Jammu Border Anti-Drone Tech Boosts National Security
Amit Shah: Firm Stance on Reservation, Focus on National Security
Rhode Island Data Breach: Thousands Affected by Cyberattack