Deutsche Telekom’s mobile subsidiary T-Mobile US has to pay another fine in the millions due to data protection problems in the USA. The case concerns several online attacks from 2021, 2022 and 2023 in which information from millions of customers was obtained.
Under an agreement with the FCC, T-Mobile US must pay a fine of 15.75 million dollars (14.14 million euros) – and invest the same amount in improving IT security.
In the incident in August 2021, a hacker gained access to the data of 7.8 million active and 40 million former and potential customers. In addition to names and addresses, this also included social security numbers. These are a key identification tool in the USA and can therefore be misused for fraud.
In 2022, online attackers succeeded in accessing a platform for other mobile providers based on the T-Mobile US network. In 2023, unknown persons used stolen employee access data to gain access to some customer information in the sales portal. And also at the beginning of last year, some information such as addresses, names and dates of birth of around 37 million customers fell into the wrong hands via an incorrectly programmed interface.
It was only in August that a fine of 60 million dollars (just under 55 million euros) was announced for T-Mobile US. According to the authority Cfius, which oversees foreign investments in the US, T-Mobile US allowed unauthorized access to sensitive data in some cases between August 2020 and June 2021. According to the company, this involved “a small number” of requests from investigative authorities. There was no breach of IT systems and the information was only accessible within the US security authorities, T-Mobile US emphasized at the time.
dpa