America's FCC Orders T-Mobile To Deliver Better Cybersecurity (csoonline.com)
- Reference: 0175194025
- News link: https://mobile.slashdot.org/story/24/10/05/0345219/americas-fcc-orders-t-mobile-to-deliver-better-cybersecurity
- Source link: https://www.csoonline.com/article/3543785/fcc-orders-t-mobile-to-deliver-zero-trust-and-better-mfa.html
After a series of investigations by America's Federal Communications Commission, T-Mobile agreed in court to a number of settlement conditions, including moving toward a "modern zero-trust architecture," designating a Chief Information Security Officer, implementing phishing-resistant multifactor authentication, and adopting data minimization, data inventory, and data disposal processes designed to limit its collection and retention of customer information.
Slashdot reader [4]itwbennett writes:
> According to a [5]consent decree published on Monday by the U.S. Federal Communications Commission, T-Mobile must pay a $15.75 million penalty and invest an equal amount "to strengthen its cybersecurity program, and develop and implement a compliance plan to protect consumers against similar data breaches in the future."
>
> "Implementing these practices will require significant — and long overdue — investments. To do so at T-Mobile's scale will likely require expenditures an order of magnitude greater than the civil penalty here," the consent decree said.
The article points out that an order of magnitude greater than $15.75 million would be $157.5 million...
[1] https://www.csoonline.com/article/571199/the-t-mobile-data-breach-a-timeline.html
[2] https://www.csoonline.com/article/574385/t-mobile-suffers-8th-data-breach-in-less-than-5-years.html
[3] https://www.csoonline.com/article/3543785/fcc-orders-t-mobile-to-deliver-zero-trust-and-better-mfa.html
[4] https://slashdot.org/~itwbennett
[5] https://docs.fcc.gov/public/attachments/DA-24-860A1.docx
Cyber Security Scales (Score:2)
This statement shows a fundamental misunderstanding of Cyber Security: "To do so at T-Mobile's scale will likely require expenditures an order of magnitude greater than the civil penalty here". Cyber Security scales. Fortune 400 companies spend a much smaller fraction of their budget per-employee on cybersecurity than medium-sized companies, and small organizations can't really afford a reasonable defense. There is no excuse for T-Mobile to not be better at this.
Zero trust architecture (Score:2, Insightful)
I see that there's a lot of talk about "Zero trust architecture", but it seems to me that it's only part of the solution since it only talks about mutual authentication.
What it doesn't say is that part of security is to compartmentalize. Don't let two systems share the same data segment. That way you'd even prevent the attempt to authenticate towards the wrong system.
Another factor that flies under the radar so to say is software upgrades. At a software upgrade on either side of a trusted system there's a r
Nothingburger (Score:2)
Even $157 million is just a slap on the wrist for a company as big as T-Mobile.
Hahaha (Score:2)
Yes sir! Right away sir!
Re: (Score:2)
"If you don't comply, we will have to write a stronger worded letter for you."