The Committee on Foreign Investment in the United States (CFIUS), part of the US Department of the Treasury, has announced (via Reuters) its largest ever penalty against T-Mobile in response to the network provider’s failure to prevent and report unauthorized access to sensitive data.
The $60 million fine concerns T-Mobile’s violation of a mitigation agreement relating to its $23 billion acquisition of Sprint in 2020.
The multibillion-dollar fine was issued to penalize the company for data breaches that occurred in 2020 and 2021.
T-Mobile fined for data breaches four years ago
The fine doesn’t just relate to the occurrence of the data breaches, but also T-Mobile’s delay in reporting them, which the CFIUS says hindered its ability to address potential national security risks.
T-Mobile blamed the breaches on technical issues during its integration with the Sprint network. The company, majority-owned by Germany’s Deutsche Telekom, emphasized that the technical problems only affected data shared from a small number of law enforcement information requests.
The network provider asserted that the issues were reported “in a timely manner” and resolved quickly.
However, the unprecedented size of the fine and the decision to share details publicly highlight the Committee’s emphasis on enforcement. The $60 million fine now serves as a stark warning to other companies about the importance of complying with regulations and obligations.
Moreover, the CFIUS has been increasing the pressure in recent years, issuing more penalties than previously.
TechRadar Pro has asked T-Mobile to comment on the fine, but the company did not immediately respond.
