There’s an expectation of privacy and security in your mobile provider. That’s why a series of T-Mobile data breaches from 2021 through January of this year caused so much concern. Over 130 million customers were affected, and their addresses, dates of birth, and sometimes even social security numbers were exposed to the attacks.
T-Mobile has reached a settlement with the Federal Communications Commission (FCC) regarding the data breaches. The company is on the hook for $15.75 million in fines, but it is also paying an additional $15.75 million in infrastructure improvements to improve its cybersecurity. The settlement also includes several actionable steps on T-Mobile’s part.
T-Mobile’s Chief Information Security Officer is required to provide regular reports to the FCC regarding the company’s cybersecurity status. The idea behind this step is that it will keep cybersecurity at the forefront of T-Mobile’s decisions moving forward.
The company also agreed to take a “zero trust” approach, which means its networks will be split into different sections and require authentication when moving between those sections. Zero trust architecture is a complicated idea, but it boils down to this: nothing should be trusted by default, and authorization should be required at every turn.
The third commitment T-Mobile made — and one that ties into the zero trust approach — is to require multi-factor authentication throughout its network. This method can help protect against data breaches by making it significantly more difficult for a bad actor to gain access to your account, even if they otherwise have all of the information.
Let’s be clear: this is a big win for T-Mobile customers. These steps will ensure better data security across the board and help keep focus on preventing additional breaches. The action taken by the FCC will hopefully be enough to leave a lasting impression, while the $15.75 million in cybersecurity improvements should, in theory, shore up any weak spots.