T-Mobile US slapped with record $60m fine for data protection failures

In an unprecedented move, the Committee on Foreign Investment in the United States (CFIUS) has levied a $60 million fine against T-Mobile US for failing to prevent and promptly report unauthorised access to sensitive data.

This penalty, announced on Wednesday, marks the largest ever imposed by CFIUS and signals a more aggressive approach to enforcement.

The violations stem from T-Mobile's $23 billion acquisition of Sprint Corp in 2020. As part of the merger agreement, T-Mobile, which is majority-owned by Germany's Deutsche Telekom, had committed to specific data protection measures. However, unauthorised access to sensitive information occurred between August 2020 and June 2021.

T-Mobile acknowledged experiencing "technical issues" during the post-merger integration with Sprint, affecting "a small number of law enforcement information requests". The company insisted that the data never left the law enforcement community and was "quickly addressed".

CFIUS officials expressed concern over T-Mobile's delay in reporting these incidents, which hampered the committee's ability to investigate and mitigate potential national security risks. The decision to publicly announce the fine is seen as a deterrent to future violations.

"The $60 million penalty announcement highlights the committee's commitment to ramping up CFIUS enforcement by holding companies accountable when they fail to comply with their obligations," a senior US official stated.

This action is part of a broader trend, with CFIUS issuing six penalties in the last 18 months – triple the number levied between 1975 and 2022. Fines have ranged from $100,000 to the current record of $60 million.

The telecom giant maintains that no breach or intrusion occurred, and no malicious actors were involved. T-Mobile emphasised its commitment to cooperating with law enforcement and ensuring customer safety.

This incident underscores the growing scrutiny of foreign-controlled entities operating in sensitive sectors within the United States, particularly in the realm of data protection and national security.



Share Story:

Recent Stories


Bringing Teams to the table – Adding value by integrating Microsoft Teams with business applications
A decade ago, the idea of digital collaboration started and ended with sending documents over email. Some organisations would have portals for sharing content or simplistic IM apps, but the ways that we communicated online were still largely primitive.

Automating CX: How are businesses using AI to meet customer expectations?
Virtual agents are set to supplant the traditional chatbot and their use cases are evolving at pace, with many organisations deploying new AI technologies to meet rising customer demand for self-service and real-time interactions.