T-Mobile US, Inc. Fined $60 Million by CFIUS for Data Breach Violations

The Committee on Foreign Investment in the United States (CFIUS) has made headlines with the announcement of a $60 million fine on T-Mobile US, Inc. The hefty penalty comes after a series of unauthorized data access incidents that occurred between August 2020 and June 2021, in violation of a national security agreement (NSA) that T-Mobile had entered into as part of its merger with Sprint Corporation.

CFIUS, the U.S. government agency responsible for reviewing foreign investments, approved the merger between T-Mobile and Sprint with the NSA in place to mitigate potential national security risks. However, T-Mobile failed to uphold its end of the agreement by not implementing sufficient measures to prevent unauthorized data access and failing to report incidents promptly.

The agency determined that these breaches harmed the national security interests of the United States, leading to the unprecedented $60 million penalty. This fine marks the largest penalty imposed by CFIUS to date, emphasizing the agency’s commitment to holding companies accountable for national security violations.

In light of this enforcement action, the U.S. Treasury Department unveiled a new CFIUS enforcement website to provide greater transparency into the committee’s compliance and enforcement efforts. Assistant Secretary of the Treasury for Investment Security Paul Rosen emphasized the importance of accountability in protecting national security, highlighting CFIUS’s increased focus on enforcement.

With the T-Mobile penalty being the largest civil monetary penalty disclosed directly by name on the updated website, CFIUS is sending a strong message to companies about the consequences of failing to meet their national security obligations. The agency’s efforts to increase transparency and enforcement demonstrate its dedication to safeguarding the national security interests of the United States.