As part of the agreement, T-Mobile has to harden IT security and show proof (e.g., CISO who reports regularly to feds, adoption of Zero Trust, adoption of minimal data retention policy). Why T-Mobile must have their hand held like this is beyond me.
To your point, $16M is surely not a big fine for such a big company though, but I do think it's important not to conflate profit and revenue when evaluating fines.
Generally speaking, I would love to see some much harsher penalties for negligence with data. I want companies to start seeing customer data as a liability, not as an asset, and I don't think that will happen until f**k-ups start really making a dent in the bank account.
I still think the C-suite won't care unless the cleanup/penalty costs get pulled directly from their bonus before anywhere else. Otherwise it will just be "oops, I tanked this business, better luck at the next one."
Not the person you were replying to, but my reason is that revenue is before expenses. The fine actually has to cost the company money for it to mean anything.
My guess is that the FCC doesn't have a ton of discretion here. They probably have to follow the law. And no doubt an "unreasonably" large fine would be challenged in court and probably overturned, so this may be the best they can do.
Why the fuck do we have to give out our personal information to any of these big companies if I can't trust that it will ever be safe-guarded? This is just so fucking insane to me to think these companies are just so big that they don't even give a fuck anymore. $16M is equivalent to $1.00 to them.
Our personal information/data should be given HIPAA-level protection enforced by the government. We as consumers should not have to deal with companies who do not compete on securing their customers' data. They should lose a "data protection" license when mishandling it, like a bar losing its liquor license.
These "breaches" are such a regular occurrence for T-Mobile that one could suppose that they are intentional and that T-Mobile may be getting paid for the data, kinda like a side hustle, where they constantly troll for n00b customers who either haven't been part of a previous breach or who have managed to lay aside their disgust and take the low price deal so they can get pwned again.
If I ran the show I'd bankrupt the company and its management.
Never attribute an unfortunate outcome to incompetence when the possibility exists that it was caused by greed.
T-Mobile earned $8 billion in 2023. Some division later, that works out to $21,000,000 per day.
They were fined less than one day's income. If I owned that company, increasing IT security would be near the bottom of my list of priorities.