T-Mobile pays $16M fine for three years' worth of data breaches (arstechnica.com)
60 points by pseudolus 12 days ago | 22 comments





If I'm not terrible at my math...

T-Mobile earned $8 billion in 2023. Some division later, that works out to $21,000,000 per day.

They were fined less than one day's income. If I owned that company, increasing IT security would be near the bottom of my list of priorities.


As part of the agreement, T-Mobile has to harden IT security and show proof (e.g., CISO who reports regularly to feds, adoption of Zero Trust, adoption of minimal data retention policy). Why T-Mobile must have their hand held like this is beyond me.

And if T-Mobile fails to live up to their end of the agreement, what's the punishment? More meaningless fines?

AND we get increased monthly bills to pay for the cost of their fuckups.

Is the $8B profit or revenue?

To your point, $16M is surely not a big fine for such a big company though, but I do think it's important not to conflate profit and revenue when evaluating fines.

Generally speaking, I would love to see some much harsher penalties for negligence with data. I want companies to start seeing customer data as a liability, not as an asset, and I don't think that will happen until f**k-ups start really making a dent in the bank account.


I still think the C-suite won't care unless the cleanup/penalty costs get pulled directly from their bonus before anywhere else. Otherwise it will just be "oops, I tanked this business, better luck at the next one."

> Is the $8B profit or revenue?

Profit, their revenue is almost 80 billion. Fines like this should certainly be based on revenue rather than profit, though (like the EU does it).


Why should they be based on revenue rather than profit? (I'm not disagreeing, interested to understand your reasoning)

Businesses can strategically reduce taxable income. Gross revenue is less malleable.

Not the person you were replying to, but my reason is that revenue is before expenses. The fine actually has to cost the company money for it to mean anything.

It’s $8.3B in net income (so profit) - see slide 4 in this PDF: https://s29.q4cdn.com/310188824/files/doc_financials/2023/ar...

The equivalent of about $200 for someone making $100,000/yr

FCC: "That'll teach 'em"

My guess is that the FCC doesn't have a ton of discretion here. They probably have to follow the law. And no doubt an "unreasonably" large fine would be challenged in court and probably overturned, so this may be the best they can do.

And/or lobbying has made the fines very small


Why the fuck do we have to give out our personal information to any of these big companies if I can't trust that it will ever be safe-guarded? This is just so fucking insane to me to think these companies are just so big that they don't even give a fuck anymore. $16M is equivalent to $1.00 to them.

Our personal information/data should be given HIPAA-level protection enforced by the government. We as consumers should not have to deal with companies who do not compete on securing their customers' data. They should lose a "data protection" license when mishandling it, like a bar losing its liquor license.


Because we are “free” to “choose” who we do business with. Never mind that many essential services are run by legal cartels.

And T-Mobile has more lobbyists than you do. But you, an individual, are also “free” to lobby the government as much as you wish.

Thusly, the system is fair and balanced on paper.


This is a reason to get service through an MVNO. No Social Security Number required means no SSN to leak.

What a joke. Why would they stop? The US needs privacy as a right for its citizens. This is so disheartening.

These "breaches" are such a regular occurrence for T-Mobile that one could suppose that they are intentional and that T-Mobile may be getting paid for the data, kinda like a side hustle, where they constantly troll for n00b customers who either haven't been part of a previous breach or who have managed to lay aside their disgust and take the low price deal so they can get pwned again.

If I ran the show I'd bankrupt the company and its management.

Never attribute an unfortunate outcome to incompetence when the possibility exists that it was caused by greed.


plot twist, the buyer is a world government and it's a psyop /s


