The Committee on Foreign Investment in the US (CFIUS) has hit T-Mobile with a $60M fine for failing to prevent unauthorized access to sensitive data and then failing to report the breach. The fine was the largest ever issued by CFIUS. CFIUS has jurisdiction over T-Mobile, as the carrier is majority-owned by a German company, Deutsche Telekom.
The Committee on Foreign Investment in the United States is an inter-agency committee in the United States government that reviews the national security implications of foreign investments in the U.S. economy. The committee has the power to block investments, impose conditions on those investments, nd to fine companies for breaches of their obligations.
When T-Mobile purchased Spring back in 2020, CFIUS imposed conditions on the deal, including requirements that data be properly protected.
A Reuters report says the committee has determined that T-Mobile breached the conditions of the deal by failing to properly secure data and then failing to report the data breach.
In the case of T-Mobile […] the unauthorized access to sensitive data occurred in 2020 and 2021, U.S. officials said […]
“The $60 million penalty announcement highlights the committee’s commitment to ramping up CFIUS enforcement by holding companies accountable when they fail to comply with their obligations,” one of the U.S. officials said, adding that transparency around enforcement actions incentivizes other companies to comply with their obligations […]
T-Mobile said in a statement that it experienced technical issues during its post-merger integration with Sprint that affected “information shared from a small number of law enforcement information requests.” It stressed that the data never left the law enforcement community, was reported “in a timely manner” and was “quickly addressed.”