A $60 million fine was issued for communications giant T-Mobile US, Inc., for allegedly suffering security incidents between August 2020 and June 2021 that resulted in unauthorized data access, which violated a key provision of a National Security Agreement (NSA), said the Committee on Foreign Investment in the United States (CFIUS) in a recent report.Â
The company, owned by German company Deutsche Telekom, joined the NSA as part of its 2020 merger with Sprint Corporation, which the CFIUS government agency, which is responsible for reviewing foreign investments in the country, approved to mitigate potential national security risks.
The report alleges that T-Mobile did not implement adequate measures to prevent unauthorized access to sensitive data or report such security incidents in a timely manner, which led CFIUS to conclude the company’s data breaches harmed the U.S. national security interests and levy an unprecedented $60 million fine, the largest penalty imposed by CFIUS to date.
T-Mobile enhanced its compliance posture and obligations and committed to cooperating with the U.S. government to ensure compliance in the future.
In November 2021, just a year after it acquired Sprint, T-Mobile suffered a major breach, with hackers selling 100 million records corresponding to 30 million American subscribers, exposing social security numbers, phone numbers, full names, physical addresses, driver's license scans, and unique IMEI numbers in the pack.
The company’s past data breach incidents include one in February 2021, one in December 2020, another in November 2019, and one in August 2018.Â