BrianKrebs

Some possible good news for a change: T-Mobile settled with The Federal Communications Commission (FCC) and agreed to pay a paltry $31.5 million over multiple data breaches that compromised the personal info of millions of US consumers.

But that's not the good news: Under the settlement, T-Mobile has agreed to require multifactor authentication for their bajillion employees.

https://www.bleepingcomputer.com/news/security/t-mobile-pays-315-million-fcc-settlement-over-4-data-breaches/

We'll see if and how soon this happens, and if it's decent multifactor. It's still progress. Last year I reported that three different criminal SIM-swapping groups had phished or breached access to T-Mobile employee accounts in more than 100 separate incidents throughout 2022.

https://krebsonsecurity.com/2023/02/hackers-claim-they-breached-t-mobile-more-than-100-times-in-2022/

It's unclear whether T-Mobile's competitors will be held to the same standard.

T-Mobile pays $31.5 million FCC settlement over 4 data breaches

The Federal Communications Commission (FCC) announced a $31.5 million settlement with T-Mobile over multiple data breaches that compromised the personal information of millions of U.S. consumers.

BleepingComputer
Sep 30, 2024 at 11:24pmWeb
Show threadDraken BlackKnightSep 30, 2024
@briankrebs
I don't know about the call centers, but the last time I was in a T-Mobile store I saw them having to confirm their credentials on their tablets with FIDO2 keys.
Show threadRichard HendricksSep 30, 2024
@briankrebs It's so weird they require you to unfreeze your credit at all three credit agencies to get new service. Um, how about you fix your own goddamn security issues before worrying about your customer's reliability!
Show threadrobertfromscOct 1, 2024
@briankrebs awesome! So do we the victims see any of that money?