Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements.
FCC's final rule follows several proposals published in January 2024, one year earlier in January 2023, and first circulated in January 2022, focused on modernizing the commission's breach notification rules so that telecom carriers have to notify customers of security breaches as fast as possible.
The U.S. communications regulator also removed the obligatory waiting period for carriers to inform customers, mandating them to promptly notify customers of breaches involving covered data after alerting relevant federal agencies.
The notification delay must not exceed 30 days after a breach is identified unless a longer delay is mandated by law enforcement.
Massive telecom data breaches in recent years have highlighted the need to update the FCC's data breach rules to align them with federal and state data breach laws that apply to other sectors.
In December 2022, widespread attacks bypassed two-factor authentication and hijacked Comcast Xfinity customers' accounts.
Two months earlier, Verizon notified prepaid customers of a breach that exposed their credit card information, later used in SIM swapping attacks.
T-Mobile has also been hit by at least nine breaches since 2018, with the most recent one-and the least damaging-being disclosed in May 2023 after threat actors had access to the personal information of hundreds of customers for more than a month since February 2023.
In January 2023, T-Mobile alerted customers of another data breach after the sensitive info of 37 million individuals was stolen by abusing one of its Application Programming Interfaces.
Finally, in April 2016, AT&T paid $25 million to settle an FCC investigation into three data breaches that impacted hundreds of thousands of customers.
The FCC adopted its first rule requiring telecoms and VoIP providers to notify federal law enforcement agencies and their customers of any data breaches.
Verizon insider data breach hits over 63,000 employees.
Trezor support site breach exposes personal data of 66,000 customers.
Mint Mobile discloses new data breach exposing customer data.
Panasonic discloses data breach after December 2022 cyberattack.
Ukraine's largest mobile carrier Kyivstar down following cyberattack.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 12 Feb 2024 21:55:16 +0000