US penalises T-Mobile for data violations with $60 million fine
The $60 million fine on T-Mobile highlights CFIUS’s tougher stance on enforcement.
T-Mobile has been fined $60 million by a US committee focused on national security for failing to prevent and report unauthorised access to sensitive data. The penalty, imposed by the Committee on Foreign Investment in the US (CFIUS), is linked to violations of a mitigation agreement T-Mobile signed during its 2020 acquisition of Sprint Corp.
The data breach occurred in 2020 and 2021, during the integration of Sprint into T-Mobile’s operations. T-Mobile, controlled by Deutsche Telekom, explained that technical issues affected a small number of law enforcement data requests, but emphasised that the information never left the law enforcement community and was swiftly addressed.
The $60 million fine is the largest ever imposed by CFIUS, signalling a stronger approach to enforcement. Officials noted that the transparency of the penalty is intended to deter future violations, highlighting the committee’s commitment to holding companies accountable.
In the past 18 months, CFIUS has issued six penalties, including the one against T-Mobile, far surpassing the number of fines levied in the previous decades. The delay in T-Mobile’s reporting hampered the committee’s efforts to investigate and mitigate potential risks to US national security.