BrianKrebsSep 30, 2024

Some possible good news for a change: T-Mobile settled with The Federal Communications Commission (FCC) and agreed to pay a paltry $31.5 million over multiple data breaches that compromised the personal info of millions of US consumers.

But that's not the good news: Under the settlement, T-Mobile has agreed to require multifactor authentication for their bajillion employees.

https://www.bleepingcomputer.com/news/security/t-mobile-pays-315-million-fcc-settlement-over-4-data-breaches/

We'll see if and how soon this happens, and if it's decent multifactor. It's still progress. Last year I reported that three different criminal SIM-swapping groups had phished or breached access to T-Mobile employee accounts in more than 100 separate incidents throughout 2022.

https://krebsonsecurity.com/2023/02/hackers-claim-they-breached-t-mobile-more-than-100-times-in-2022/

It's unclear whether T-Mobile's competitors will be held to the same standard.

T-Mobile pays $31.5 million FCC settlement over 4 data breaches

The Federal Communications Commission (FCC) announced a $31.5 million settlement with T-Mobile over multiple data breaches that compromised the personal information of millions of U.S. consumers.

BleepingComputer
Show threadDraken BlackKnight
@briankrebs
I don't know about the call centers, but the last time I was in a T-Mobile store I saw them having to confirm their credentials on their tablets with FIDO2 keys.
Sep 30, 2024 at 11:27pmWeb