Dear AT&T.
, says the government.

Yet, we as consumers are the ones getting harmed.
Who pays the fine at the end? You and me.
 
Always keep your credit frozen, including with Chex systems (banks use Chex for opening checking/savings accounts).

At this point, an SSN number should just be considered public data by individuals, and you should expect that someone is going to try and use it. Best you can do is lock down your credit.
 
They should also directly target fines to the executive officers involved. That way they feel the real burden of their own actions. Fining the company is nice in theory but in reality the fine will be moved to the consumer.
I said pretty much this last year. Fining a company doesn’t do anything. Fine the people who are in charge, and then put in place a clause: if they get a bonus within 3 years or so, take that too and give it back to the people affected.
 
Exactly. I'm very much a free-market capitalist but corporations have too much power and influence and too little accountability, in the US today. This "penalty" and all other fines/penalties like this, should go DIRECTLY to the customer.
My information was also part of the breach. The consumer protections in America are a joke.
The protections aren't a joke, they're practically nonexistent. There needs to be a modern standard in place (please correct me if one exists) for any sort of data handling. I don't care how innocuous the vendor makes the data sound. I also understand the reality of the cat-and-mouse game of protecting data and hacking, but there needs to be some serious accountability when these breaches occur. Criminal negligence penalties would be a start. Also, privacy policies and TOS need to be changed. It's ridiculous that I can agree to some minor data collection one year, and terms change the next so now I'm part of forced arbitration when the breach comes around.
 
I really don't get it.

Why is it that companies are allowed to take your personal data (this part is understandable for original identity verification), and then turn around, and instead of purging it, they sell it to another company.

Your Social Security number doesn't need to be stored on an account after you sign up for something. It shouldn't even be used as a security verification method after the fact because it's an unreliable method to verify someone later on. Spouses know each other's Social Security number, so how does this method keep an account safe after the relationship goes sour? People lose their Social Security cards and someone else can find them and use the information printed on it.

2FA with a text that has either a PIN or a written password is the most reliable method to verify someone later on if you need to access an account. Need more security? Pull questions from LexisNexis.
 
And how will the 60 million be used? Will it go directly to helping the people (potentially) affected? Companies need to start being liable and responsible for the stewardship of the data they store. If it leaks they should be providing all potentially affected people with a lifetime of credit monitoring, and pay for services to recover from identity theft for life.

As it is, these companies just consider this kind of action a "cost of doing business" and have little incentive to be worried about serious ramifications.
If fines started being $100 billion, companies would open their ears a bit more. These pity little fines do nothing.
 
It’s going to take a lot before we’ll get the attention of Big Business. Big fines against individual corporate officers are a nice start. But put one or two companies out of business for data breaches and you’ll have the corporate world tripping all over itself to provide real protection. Until then, protecting customers/consumers will be considered “too expensive” for business.
 
Great, $60 million to CFIUS, $0 million to the people actually harmed. Fines are becoming cash cows for the other entities. That fine will not be paid by T-Mobile, but by the users through increased rates. The CFIUS effectively fined the users.
Negative, seeing as $.05 a month for a year per customer would cost more to implement. The key difference is that T-Mobile is a service. Every single customer can choose to leave and go to another provider. It will come out of the $14.6B reserve they are sitting on, especially since they just started paying dividends. The fine is .08% of their yearly income; they aren't worried, and they most likely will appeal the fine, get it cut in half and request a payment timeline over the course of 5-7 years, like almost every other company that has been fined.
 
A quick Google search reveals:
"How Does Total Compensation For Mike Sievert Compare With Other Companies In The Industry? Our data indicates that T-Mobile US, Inc. has a market capitalization of US$209b, and total annual CEO compensation was reported as US$37m for the year to December 2023"
$60M fine is way too low
 
And how will the 60 million be used? Will it go directly to helping the people (potentially) affected? Companies need to start being liable and responsible for the stewardship of the data they store. If it leaks they should be providing all potentially affected people with a lifetime of credit monitoring, and pay for services to recover from identity theft for life. As it is, these companies just consider this kind of action a "cost of doing business" and have little incentive to be worried about serious ramifications.
I guess it's a given that they'll store our info, that the hacks will continue, our pampered executives will not care one bit, and regulation & law will continue to maintain the interest of the wealthiest scumbags and hang the filthy plebs out to dry. We should expect that, this is the failed 18th century British colony we live in. Fine. That being the case, perhaps an accelerationist approach is worth considering? Economically incentivize them to hoover up and be careless with as much info as possible and relentlessly sue the ever loving hell out of them for every bit of it, to the point of badgering them with lawsuits that cross the line into the frivolous. At some point, legal fees will be the only thing to cost them enough that it'll be cheaper to just not collect & store data on anyone.

Then we'll go after the engineers who thought it was a good idea to build internet services this way.
 
They should also directly target fines to the executive officers involved. That way they feel the real burden of their own actions. Fining the company is nice in theory but in reality the fine will be moved to the consumer.
Exactly this. People don’t understand that fines and taxes against the corporation are fines and taxes against their customers. Basically they fined T-Mobile customers for T-Mobile losing their data.
 


T-Mobile was fined $60 million by the Committee on Foreign Investment in the US (CFIUS) for negligence surrounding data breaches, reports Reuters. CFIUS penalized T-Mobile for failing to prevent or disclose unauthorized access to sensitive customer data.


When T-Mobile merged with Sprint, it signed a national security agreement with CFIUS, which is what led to the fine earlier this year. T-Mobile is owned by German company Deutsche Telekom, and T-Mobile agreed to protect consumer data as part of the Sprint acquisition. Back in 2021, T-Mobile suffered a major breach that impacted over 100 million of its users, just a year after it acquired Sprint.

CFIUS does not typically name the companies that it fines, but T-Mobile has been called out in an effort to push companies to comply with national security rules associated with acquisitions. T-Mobile told Reuters that it experienced technical issues when integrating with Sprint, which affected information from "a small number of law enforcement information requests." T-Mobile claims to have swiftly dealt with the issue and reported it "in a timely manner."

CFIUS said that T-Mobile's lack of timely reporting prevented CFIUS from investigating and mitigating potential harm to U.S. national security.

Article Link: United States Fines T-Mobile $60 Million for Failing to Prevent Unauthorized Access to Sensitive Customer Data
But TM will ask me to pay more for the same old thing under a fancy new name and offer bennies that ain’t all that much. And what’s this crap with best bennies for 2 lines or more. Bite me…. Penalized for choosing to be single.
 
100 million users impacted, $60 million fine… your privacy is worth 60 cents per user. Okay.
Since it’s their second major offense, why not more like $5B; or maybe a year of profit (9.8B, no dividends to investors). Then maybe they will prioritize putting security in the forefront… and if negligence is involved, add some jail time for executives.
Then maybe they will take your privacy more seriously.
 
100 million users impacted, $60 million fine… your privacy is worth 60 cents per user. Okay.
Since it’s their second major offense, why not more like $5B; or maybe a year of profit (9.8B, no dividends to investors). Then maybe they will prioritize putting security in the forefront… and if negligence is involved, add some jail time for executives.
Then maybe they will take your privacy more seriously.
A nice start. If that doesn’t work, the government should seize the company and shut it down.
 