- T-Mobile has been fined $60 million by the Committee on Foreign Investment in the United States (CFIUS) for negligence in a data breach.
- T-Mobile has been named by the CFIUS to push the company to comply with national security rules related to acquisitions.
OUR TAKE
Information breaches due to negligence can affect the state of national security as well as the stability of society, so T-Mobile should work with CFIUS to strengthen its compliance posture and obligations and is committed to working with the U.S. government to ensure compliance with future obligations. As part of their social responsibility, large corporations and organisations have a duty to keep the data of their users and employees secure.
— Iydia Ding, BTW reporter
What happened
The Committee on Foreign Investment in the United States (CFIUS) has sanctioned T-Mobile for failing to prevent or disclose unauthorised access to sensitive customer data.
T-Mobile is owned by Deutsche Telekom, and as part of its acquisition of Sprint, T-Mobile agreed to protect consumer data. At the time of its merger with Sprint, it signed a national security agreement with CFIUS, which was the reason for the fine earlier this year.
T-Mobile said it encountered a technical issue during its integration with Sprint that affected information in a ‘small number of law enforcement information requests.’ It claimed that the issue was promptly addressed at the time and reported ‘in a timely manner.’
CFIUS does not usually name companies that are fined, but T-Mobile was named in an effort to push the company to comply with national security regulations related to the acquisition. T-Mobile’s failure to report promptly will result in its inability to conduct an investigation to rule out potential harm to national security.
Also read: What is RFID protection? Safeguarding data in a wireless world
Also read: What is an RFID wallet? Protecting your data in the digital age
Why it’s important
Protecting the security of online information is of paramount importance and has a bearing on a number of aspects, including personal privacy, corporate secrets, national security and social stability. In the digital age, users’ trust in online services is built on confidence in the security of their data.
Therefore, T-Mobile should work with CFIUS to promote technological improvements and strengthen its compliance posture and obligations. At the same time, T-Mobile should also be more aware of its responsibilities and work with the U.S. government to ensure compliance with future obligations. Regardless of whether the outcome of an incident is large or small, information breaches due to negligence affect national security and social stability. As part of their social responsibility, large businesses and organisations have a duty to keep the data of their users and employees safe. Businesses and individuals alike need to take cybersecurity seriously in order to protect sensitive data from attack.