T-Mobile has been fined a record $60 million by the CFIUS for allowing and failing to report unauthorized data access, according to Reuters.
Though it’s unclear exactly what data was leaked and by whom, T-Mobile says that no hackers or bad actors were involved, and that the leak was not a hack or data breach.
The carrier claims that technical issues during its post-merger integration with Sprint between 2020 and 2021 affected “information shared from a small number of law enforcement information requests” and that no data was viewed by anyone outside of law enforcement.
CFIUS’s decision to make this public and the size of the fine demonstrates the committee’s harsher approach to enforcement, according to US officials. It’s hoped this decision could deter future violations by encouraging companies to comply with obligations.
T-Mobile Data Leak Harmed US National Security Equities
According to CFIUS, T-Mobile’s violations of the mitigation agreement it had made with the panel after its acquisition of Sprint “resulted in harm to the national security equities of the United States.”
Over the past 18 months, the Committee has issued six fines ranging from $100,000 to $60 million. It’s clear it is ramping up enforcement, as this is triple the number issued between 1975 and 2022.
It’s not the first time that T-Mobile has faced controversy over data leaks. In 2021, the carrier suffered a data breach which saw hackers gain access to the data of over 53 million customers, including names, addresses, SSN, dates of birth and driver’s license/ID information.