Tuesday 1 October 2024

FCC Fines T-Mobile, Forces Company to Improve Cybersecurity

The Federal Communications Commission announced a “groundbreaking data protection and cybersecurity settlement with T-Mobile,” fining the company and forcing changes to its operations.

T-Mobile has an atrocious record when it comes to cybersecurity, suffering multiple data breaches in recent years, some of which have impacted tens of millions of users. Hackers even bragged about accessing the company’s internal networks more than 100 times in 2022 alone. Despite settling several class-action cases for a whopping $350 million, the company has continued to struggle with cybersecurity.

The FCC appears to have reached the limits of its patience, and is now forcing the company to do better.

The Federal Communications Commission today announced a groundbreaking data protection and cybersecurity settlement with T-Mobile to resolve the Enforcement Bureau’s investigations into significant data breaches that impacted millions of U.S. consumers. To settle the investigations, T-Mobile has agreed to important forward-looking commitments to address foundational security flaws, work to improve cyber hygiene, and adopt robust modern architectures, like zero trust and phishing-resistant multi-factor authentication. The Commission believes that implementation of these commitments, backed by a $15.75 million cybersecurity investment by the company as required by the settlement, will serve as a model for the mobile telecommunications industry. As part of the settlement, the company will also pay a $15.75 million civil penalty to the U.S. Treasury.

The settlement addresses multiple data breaches, including incidents from 2021-2023. The FCC acknowledged that carrier networks are prime targets for hackers, but that doesn’t excuse lapses in security. Instead, it only underscores the need for such companies to provide the best security possible.

“Today’s mobile networks are top targets for cybercriminals,” said FCC Chairwoman Jessica Rosenworcel. “Consumers’ data is too important and much too sensitive to receive anything less than the best cybersecurity protections. We will continue to send a strong message to providers entrusted with this delicate information that they need to beef up their systems or there will be consequences.”

As part of the agreement, T-Mobile agreed to the following:

  • Corporate Governance – T-Mobile’s Chief Information Security Officer will give regular reports to the board concerning T-Mobile’s cybersecurity posture and business risks posed by cybersecurity. This is a foundational requirement for all well-governed companies. Corporate boards need both visibility and cybersecurity domain experience in order to effectively govern. This commitment ensures that the board’s visibility into cybersecurity is a key priority going forward.
  • Modern Zero-Trust Architecture – T-Mobile has agreed to move toward a modern zero trust architecture and segment its networks. This is one of the most important changes organizations can make to improve their security posture.
  • Robust Identity and Access Management – T-Mobile has committed to broad adoption of multi-factor authentication methods within its network. This is a critical step in securing critical infrastructure, such as our telecommunications networks. Abuse of authentication methods, for example through the leakage, theft, or deliberate sale of credentials, is the number one way that breaches and ransomware attacks begin. Consistent application of best practice identity and access methods will do more to improve a cybersecurity posture than almost any other single change.

“The wide-ranging terms set forth in today’s settlement are a significant step forward in protecting the networks that house the sensitive data of millions of customers nationwide,” said Loyaan A. Egal, Chief of the Enforcement Bureau and Chair of the Privacy and Data Protection Task Force. “With companies like T-Mobile and other telecom service providers operating in a space where national security and consumer protection interests overlap, we are focused on ensuring critical technical changes are made to telecommunications networks to improve our national cybersecurity posture and help prevent future compromises of Americans’ sensitive data. We will continue to hold T-Mobile accountable for implementing these commitments.”

Hopefully the FCC’s actions send a clear message to all companies that they must protect the data customers entrust them with.



from WebProNews https://ift.tt/NX8kMyZ

Verizon Service Restored, Company Mum On the Details

Verizon has fully restored service to millions of customers impacted by a nationwide outage, but the company remains tight-lipped on the cause of the outage.

Verizon suffered a major outage Monday, September 30. Downdetector showed a massive spike of users reporting issues. The majority of impacted users were not able to make calls, send texts, or access their mobile data.

Fortunately, Verizon says it has fixed the issue.

Unfortunately, however, Verizon has still not said anything about what caused the issue, nor has the company said what it will do to prevent the issue from happening in the future.

The days of a cell phone being a convenience are long past. Today, cell phones are a necessity of life, with many relying on them for work, for family obligations, and for emergencies.

For the largest carrier to experience a nationwide outage that impacted millions, and then say nothing about the cause or the steps being taken to prevent it from happening again is, quite frankly, unconscionable. Verizon’s customers deserve better.

The only silver lining is that the outage will likely result in an FCC investigation, one that will likely provide the answers Verizon has failed to give.



from WebProNews https://ift.tt/8ypvKbH