T-Mobile US—FCC imposed $31.5 million penalty on T-Mobile for four major data breaches affecting over 113 million customers
In September 2024, the FCC imposed a $31.5 million consent decree on T-Mobile covering four major data breaches from 2021-2023. The 2021 breach exposed 76.6 million customers' names, SSNs, and driver's licenses. The 2023 breach exposed 37 million customers' billing addresses and account numbers. T-Mobile was required to invest an additional $15.75 million in cybersecurity improvements. The FCC found multiple compliance failures including inadequate data protection, impermissible access to customer proprietary network information, and misrepresentation to customers about security practices.
Scoring Impact
| Topic | Direction | Relevance | Contribution |
|---|---|---|---|
| Consumer Protection | -against | primary | -1.00 |
| Corporate Transparency | -against | secondary | -0.50 |
| Data Security | -against | primary | -1.00 |
| Overall incident score = | -0.492 | ||
Score = avg(topic contributions) × significance (critical ×2) × confidence (0.59)× agency (negligent ×0.5)
Evidence (1 signal)
FCC consent decree imposed $31.5 million penalty on T-Mobile for four major data breaches
The FCC announced a consent decree with T-Mobile requiring payment of $31.5 million civil penalty and $15.75 million in cybersecurity investments. The decree covers four major breaches from 2021-2023 that affected over 113 million customers. FCC found failures in protecting customer data, impermissible access to CPNI, and misrepresentation to customers.