America's FCC Orders T-Mobile To Deliver Better Cybersecurity (csoonline.com) 5
T-Mobile experienced three major data breaches in 2021, 2022, and 2023, according to CSO Online, "which impacted millions of its customers."
After a series of investigations by America's Federal Communications Commission, T-Mobile agreed in court to a number of settlement conditions, including moving toward a "modern zero-trust architecture," designating a Chief Information Security Office, implementing phishing-resistant multifactor authentication, and adopting data minimization, data inventory, and data disposal processes designed to limit its collection and retention of customer information.
Slashdot reader itwbennett writes: According to a consent decree published on Monday by the U.S. Federal Communications Commission, T-Mobile must pay a $15.75 million penalty and invest an equal amount "to strengthen its cybersecurity program, and develop and implement a compliance plan to protect consumers against similar data breaches in the future."
"Implementing these practices will require significant — and long overdue — investments. To do so at T-Mobile's scale will likely require expenditures an order of magnitude greater than the civil penalty here,' the consent decree said.
The article points out that order of magnitude greater than $15.75 million would be $157.5 million...
After a series of investigations by America's Federal Communications Commission, T-Mobile agreed in court to a number of settlement conditions, including moving toward a "modern zero-trust architecture," designating a Chief Information Security Office, implementing phishing-resistant multifactor authentication, and adopting data minimization, data inventory, and data disposal processes designed to limit its collection and retention of customer information.
Slashdot reader itwbennett writes: According to a consent decree published on Monday by the U.S. Federal Communications Commission, T-Mobile must pay a $15.75 million penalty and invest an equal amount "to strengthen its cybersecurity program, and develop and implement a compliance plan to protect consumers against similar data breaches in the future."
"Implementing these practices will require significant — and long overdue — investments. To do so at T-Mobile's scale will likely require expenditures an order of magnitude greater than the civil penalty here,' the consent decree said.
The article points out that order of magnitude greater than $15.75 million would be $157.5 million...
Hahaha (Score:2)
Yes sir! Right away sir!
Re: (Score:2)
Cyber Security Scales (Score:2)
Zero trust architecture (Score:2, Insightful)
I see that there's a lot of talk about "Zero trust architecture", but it seems to me that it's only part of the solution since it only talks about mutual authentication.
What it doesn't say is that part of security is to compartmentalize. Don't let two systems share the same data segment. That way you'd even prevent the attempt to authenticate towards the wrong system.
Another factor that flies under the radar so to say is software upgrades. At a software upgrade on either side of a trusted system there's a r
Nothingburger (Score:2)
Even $157 million is just a slap on the wrist for a company as big as T-Mobile.