T-Mobile Faces Regulatory Scrutiny After Hack

T-Mobile is facing regulatory scrutiny after a hack exposed personal information on millions of customers. The FCC and FTC are investigating the breach and the telecom company has since made changes to its data collection practices.

The can iphones get hacked is a question that many people are asking. T-Mobile faces regulatory scrutiny after admitting to a hack of its systems in which customer information was obtained by hackers.

The FCC’s investigation of T-Mobile US Inc.’s breach is the agency’s first high-profile cyber investigation under the Biden administration, which has pledged to more aggressively regulate businesses’ security standards and privacy protections.

T-Mobile announced the breach on Monday, and it struck a communications industry where cyber supervision is split among government agencies, including the Federal Communications Commission, which has adopted a hands-off approach to data protection in recent years. However, this year, US authorities have indicated a fresh readiness to utilize regulatory authority to strengthen critical infrastructure cyber defenses.

On Wednesday, an FCC spokesperson stated, “Telecommunications firms have a responsibility to safeguard their consumers’ information.” She declined to elaborate.

A spokesperson from T-Mobile did not reply to a request for comment on the matter.

Subscribe to our newsletter

Cybersecurity WSJ Pro

WSJ’s worldwide team of reporters and editors provide cybersecurity news, analysis, and insights.

The FCC’s cybersecurity rules are mainly voluntary, with agency officials issuing best-practice suggestions. Until Colonial Pipeline Co. was hacked in May, the Transportation Security Administration adopted a similar approach to pipeline cyber regulations. Since then, the government has enacted first-of-its-kind rules, such as requiring pipeline operators to disclose intrusions.

While the T-Mobile breach did not affect U.S. communications networks, the firm claimed on Wednesday that hackers obtained personal information from approximately 48 million individuals, including Social Security and driver’s license numbers.

Other personal data breaches have been examined by the Federal Trade Commission, including the 2017 Equifax attack, which resulted in a $575 million settlement. T-Mobile was not mentioned by the FCC, which started investigating how telecom providers gather and retain data in 2019.

The majority of T-data Mobile’s were taken from previous or potential customers, according to the firm. While keeping such information isn’t unlawful, it may raise further concerns about the company’s security procedures from the FTC and other authorities, according to Amy Keller, the head of DiCello Levitt Gutzler’s cybersecurity and technology law division.

“ Why did they retain these people’s Social Security numbers and driver’s license information? ”

DiCello Levitt Gutzler, Amy Keller

Ms. Keller, who has co-led class-action lawsuits against compromised businesses like Equifax, questioned, “Why were they retaining the Social Security numbers and driver’s license information for these people?” “These individuals didn’t even sign a T-Mobile contract.”

T-hack Mobile’s is the latest in a series of security breaches at the cellular carrier headquartered in Bellevue, Wash., which is the second biggest in the United States.

According to Susan Welsh de Grimaldo, an analyst at Gartner Inc., telecom companies “have a fantastic collection of consumer data for their operations.” “At the same time, they become targets.”

In the past, the FCC has fined businesses for poor data security procedures, but under other powers.

After agency authorities discovered that a vendor had stored data on 300,000 customers of the two carriers in readable text files on servers accessible to the internet, TerraCom Inc. and YourTel America Inc., two linked budget cellular providers, paid $3.5 million and agreed to a consent decree in 2015. The failure to adequately protect customer information, according to the FCC’s enforcement division at the time, was a violation of the Communications Act, the 1934 legislation that created the agency.

Also in 2015, AT&T Inc. paid $25 million to settle an investigation into the improper access of 280,000 customers’ personal data, as well as so-called customer proprietary network information, or CPNI, like phone numbers called and the timing of chats. FCC rules say carriers have a duty to protect such data, and companies must obtain annual privacy certifications for it from the FCC.


Tom Wheeler, former Chairman of the Federal Communications Commission, in a 2015 picture.

Associated Press/Lauren Victoria Burke photo

According to Michael O’Rielly, an FCC commissioner from 2013 to 2020, the agency may be looking into whether the stolen data is covered by CPNI regulations in the T-Mobile probe.

Republican commissioners, like as Mr. O’Rielly, have a more limited view of the FCC’s cyber powers. He characterized the agency’s data security authority as “very restricted” at a Senate hearing in 2017.

For fear of hacking, the FCC urged carriers to shun Huawei Technologies Co. equipment under the Trump administration. However, the FCC reversed several Obama-era policies: in 2017, President Trump signed a bill eliminating the FCC’s internet service provider privacy regulations.

As 5G networks spread and allow far bigger data transfers, Tom Wheeler, the FCC’s chairman from 2013 to 2017, said the Biden administration has to strengthen the agency’s focus on security.

Still, he believes that business buy-in on better cyber processes, as well as probes into illegal cyber activities, is preferable to top-down legislation. Regulations can’t keep up with technological advancements, he claims, and may even provide hackers with information about a company’s computer systems’ strong and weak spots.

Mr. Wheeler said, “Rigid regulations are simply invitations for the bad man to find his way around them.”

—This article was co-written by James Rundle.

David Uberti can be reached at [email protected].

Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Related Tags

  • can an iphone be hacked
  • t-mobile hours
  • t mobile upgrade
You May Also Like