T-Mobile Faces Regulatory Scrutiny After Hack

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

A Federal Communications Commission probe into the hack of

T-Mobile US Inc.

is the agency’s first high-profile cyber inquiry under a Biden administration that has promised to more aggressively police companies’ security standards and privacy safeguards.

The hack, which T-Mobile disclosed on Monday, hit a communications sector in which cyber oversight is spread across federal agencies, including the FCC, which has taken a largely hands-off approach to data security in recent years. But U.S. officials this year have signaled a new willingness to use regulatory power to shore up the cyber defenses of critical infrastructure.

“Telecommunications companies have a duty to protect their customers’ information,” an FCC spokeswoman said on Wednesday, declining to comment further.

A T-Mobile representative didn’t respond to a request for comment on the inquiry.

The FCC’s cybersecurity guidelines are largely voluntary, with agency officials producing recommendations for best practices. The Transportation Security Administration took a similar approach to pipeline cyber standards until the hack of Colonial Pipeline Co. in May. Since then, the agency has rolled out first-of-their-kind regulations, including a requirement that pipeline operators report cyberattacks.

While the T-Mobile hack didn’t disrupt U.S. communications networks, the company said on Wednesday that hackers stole personal data like Social Security and driver’s license numbers on about 48 million people.

The Federal Trade Commission has investigated other personal data breaches, including the 2017


hack that concluded with a settlement of at least $575 million. The agency, which in…