
America's FCC Orders T-Mobile To Deliver Better Cybersecurity (csoonline.com)

T-Mobile experienced three major data breaches in 2021, 2022, and 2023, according to CSO Online, "which impacted millions of its customers."

After a series of investigations by America's Federal Communications Commission, T-Mobile agreed in court to a number of settlement conditions, including moving toward a "modern zero-trust architecture," designating a Chief Information Security Officer, implementing phishing-resistant multifactor authentication, and adopting data minimization, data inventory, and data disposal processes designed to limit its collection and retention of customer information.

Slashdot reader itwbennett writes: According to a consent decree published on Monday by the U.S. Federal Communications Commission, T-Mobile must pay a $15.75 million penalty and invest an equal amount "to strengthen its cybersecurity program, and develop and implement a compliance plan to protect consumers against similar data breaches in the future."

"Implementing these practices will require significant — and long overdue — investments. To do so at T-Mobile's scale will likely require expenditures an order of magnitude greater than the civil penalty here," the consent decree said.

The article points out that an order of magnitude greater than $15.75 million would be $157.5 million...

  • Yes sir! Right away sir!

    • "If you don't comply, we will have to write a stronger worded letter for you."
    • T-Mobile must pay a $15.75 million penalty

      T-Mobile operating revenue for 2023: $78.6 billion.

      "Bill, pay it out of petty cash, and give the manager who saved us a fortune on security spending a raise".

  • This statement shows a fundamental misunderstanding of Cyber Security: "To do so at T-Mobile's scale will likely require expenditures an order of magnitude greater than the civil penalty here". Cyber Security scales. Fortune 400 companies spend a much smaller fraction of their budget per-employee on cybersecurity than medium-sized companies, and small organizations can't really afford a reasonable defense. There is no excuse for T-Mobile to not be better at this.
  • by Z00L00K ( 682162 ) on Saturday October 05, 2024 @01:24PM (#64842175) Homepage Journal

    I see that there's a lot of talk about "Zero trust architecture", but it seems to me that it's only part of the solution since it only talks about mutual authentication.

    What it doesn't say is that part of security is to compartmentalize. Don't let two systems share the same data segment. That way you'd even prevent the attempt to authenticate towards the wrong system.

    Another factor that flies under the radar, so to say, is software upgrades. At a software upgrade on either side of a trusted system there's a risk that some new features were added that suddenly introduce a security threat that can't be easily detected.

    Then we have the security risk of centrally managed networks. What if the central network management team is hacked? Realize that they are the goldmine strike for hackers. In a large business even having a zero trust between various sites is important down to the lowest network level. Each site shall be able to work standalone and disconnected from the other parts of the corporate network. There are features shared between sites that can be accepted to be lost, but it should keep a reasonable operational level.

    With a high level of centralization of network management there's yet one more factor involved - the ability to understand a local site and know what's important for that site as well as being able to handle problems around lost connectivity. It's impossible for someone in India to see if it's a power outage or an ISP problem in the UK, the only thing they can see is that the site is offline.

  • Even $157 million is just a slap on the wrist for a company as big as T-Mobile.

    • It's a big deal for the Cxx dude who has to settle for a 60 foot yacht when they had their heart set on an 80 footer.
  • T-Mobile isn't the only one that needs better cybersecurity!

  • The "Deutsche Telekom" was known as "Telekotz" (roughly translates to "tele-vomit") and the worst telecommunication provider ever. They had a monopoly and were abusing it shamelessly. Nice to see that some things you can still rely on!

  • I'll huff and puff...
