The telecom giant has to bolster cybersecurity under the agreement
T-Mobile is paying more than $30 million in a government settlement because of massive data breaches.
The cellphone provider will pay a $15.75 million civil penalty and invest a separate $15.75 million in cybersecurity following a series of data breaches in 2021, 2022 and 2023 that exposed the data of tens of millions of people, the Federal Communications Commission said Monday.
A 2021 T-Mobile data breach exposed the records of 76.6 million people and a 2023 breach affected 37 million, including the theft of dates of birth and first and last names, the FCC said.
The changes T-Mobile has to make under the settlement include regular reports to the company's board on cybersecurity, moving to a so-called zero-trust architecture, segmenting its networks and broad adoption of multi-factor authentication.
"Today's mobile networks are top targets for cybercriminals," FCC Chairwoman Jessica Rosenworcel said. "Consumers' data is too important and much too sensitive to receive anything less than the best cybersecurity protections.
"We will continue to send a strong message to providers entrusted with this delicate information that they need to beef up their systems or there will be consequences."
T-Mobile told Reuters that it takes "our responsibility to protect our customers' information very seriously" and has "made significant investments in strengthening and advancing our cybersecurity program and will continue to do so."
There were more than 1 billion data breach victims in the first half of 2024, in large part due to major breaches at Ticketmaster and Advance Auto Parts.
Even so, the number of data breach victims has been falling in recent years as the number of successful attacks has risen, suggesting that hackers are going after more specific, valuable information.
How to protect yourself from data breaches
- Strong passwords: Create long and complex passwords and check if the service you are using requires them.
- Two-factor authentication: This will require two or more credentials to log in to an account, such as both your password and a one-time code texted to your phone.
- CAPTCHA: If companies require a user to enter a series of characters from an image to use services, this will slow down attackers.
- Read news: A simple Google search can show if a company has been breached in recent years.
- Security certifications: Look for seals of approval, such as from the International Organization for Standardization, that a website follows best cybersecurity practices.
- Encryption: Check if a website uses encryption, such as SSL and the lock for HTTPS.
- Passkeys: There is a push to switch to passkeys, which authenticate logins without using a username or password.
What to do after a data breach
- Follow the letter: Companies should send out a letter if you are a victim of a data breach. Read it carefully to get more details about what data was exposed and the steps the company recommends you take.
- Freeze your credit: Contact each of the three credit bureaus, Experian, Equifax and TransUnion, and get your credit frozen so a criminal can't open cards or other lines in your name.
- Credit monitoring: Often, companies will offer free credit monitoring or other services after a data breach.
- Reset passwords: Change your passwords and use different ones for services.
- Use a password manager: LastPass and services built into web browsers such as Google Chrome and Microsoft Edge can create and store strong passwords for you.
- Opt out of data collection: If you have the right in your state, you can email services you use to request they don't collect your data for use by third parties.
- Request to have your data deleted: For services you don't use, ask to have your data deleted. California and other states have written this into law.
Posted: 2024-10-01 11:20:23