T-Mobile has been slapped with a $60 million fine by the Committee on Foreign Investment in the United States (CFIUS). The fine, the largest ever issued by CFIUS, came after T-Mobile failed to prevent unauthorized access to sensitive data and did not promptly report the incidents.
The violations, which threatened national security, took place between 2020 and 2021 during the integration of T-Mobile and Sprint. Due to technical issues, there was mishandling of information from some law enforcement data requests. This resulted in the data being mistakenly sent to the wrong law enforcement agency, though it remained within the law enforcement community. T-Mobile emphasized that no data breach or malicious activities occurred.
The $60 million penalty underscores the committee’s firm stance on enforcing national security agreements. “The $60 million penalty announcement highlights the committee’s commitment to ramping up CFIUS enforcement by holding companies accountable when they fail to comply with their obligations,” commented an unnamed U.S. official.
The merger between T-Mobile and Sprint, valued at $26 billion, was finalized in April 2020. Combining the third and fourth largest U.S. wireless carriers faced several legal hurdles before approval. The delay in reporting the incidents significantly influenced the fine imposed by CFIUS.
T-Mobile has taken steps to improve its data handling and reporting processes post-incident. “We reported this in a timely manner, and the issue was quickly addressed. We are glad to have reached a resolution and look forward to continuing to work cooperatively with the law enforcement community to help keep the country and our customers safe,” said a spokesperson for T-Mobile.
