Top

US fines T-Mobile $60 million over unauthorized data access

By Alexandra Alper and Eric Beech

WASHINGTON (Reuters) – A powerful U.S. committee that scrutinizes foreign investment for national security risks fined T-Mobile $60 million, its largest penalty ever, for failing to prevent and report unauthorized access to sensitive data, senior U.S. officials said on Wednesday.

The penalty imposed by the Committee on Foreign Investment in the U.S. (CFIUS) is tied to violations of a mitigation agreement that German-controlled T-Mobile inked with the panel as part of its $23 billion acquisition of U.S.-based Sprint Corp in 2020.

In the case of T-Mobile, which is majority owned by Deutsche Telekom, the unauthorized access to sensitive data occurred in 2020 and 2021, U.S. officials said.

T-Mobile said in a statement that it experienced technical issues during its post-merger integration with Sprint that affected “information shared from a small number of law enforcement information requests.” It stressed that the data never left the law enforcement community, was reported “in a timely manner” and was “quickly addressed.”

The size of the fine, and CFIUS’s unprecedented decision to make it public, show the committee is taking a more muscular approach to enforcement as it seeks to deter future violations.

“The $60 million penalty announcement highlights the committee’s commitment to ramping up CFIUS enforcement by holding companies accountable when they fail to comply with their obligations,” one of the U.S. officials said, adding that transparency around enforcement actions incentivizes other companies to comply with their obligations.

US fines T-Mobile $60 million over unauthorized data access
FILE PHOTO: A sign for a T-Mobile store is seen in Manhattan, New York, U.S., April 30, 2018. REUTERS/Shannon Stapleton/File Photo

The committee has issued six penalties in the last 18 months, triple the number it levied between 1975 and 2022, the officials told reporters, noting that penalties range from $100,000 to $60 million.

The failure of T-Mobile to report the incidents promptly delayed CFIUS’ efforts to investigate and mitigate any potential harm to U.S. national security, they added, without providing further details.