T-Mobile has received a $60 million fine for not adequately reporting and preventing data breaches, according to Bloomberg.
The Committee on Foreign Investment in the United States (CFIUS) imposed this significant penalty, marking the largest fine the organization has ever issued. CFIUS’s involvement stems from T-Mobile’s ownership by Deutsche Telekom, a German company.
The penalties relate to conditions set during T-Mobile’s acquisition of Sprint in 2020, which included requirements for consumer data protection. CFIUS found that T-Mobile failed to comply with these conditions by not securing data and neglecting to report unauthorized access, as reported by Reuters.
The data breaches occurred in 2020 and 2021, and T-Mobile attributed the issues to technical difficulties that arose during the integration process with Sprint. The company stated that the compromised data remained within the law enforcement community, despite the unauthorized access. T-Mobile claims it reported these issues “in a timely manner” and addressed them quickly. A company representative emphasized to Engadget that this incident was a “technical issue” rather than a data breach.
In recent months, CFIUS has taken a more aggressive stance regarding fines and penalties, issuing six significant penalties within the past year, though none approached the $60 million penalty imposed on T-Mobile. This recent fine reflects CFIUS’s commitment to enforcing compliance and holding companies accountable for failing to meet their obligations, according to a U.S. official who spoke to Reuters.