FCC orders telecom carriers to report PII data breaches within 30 days

Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements.
FCC's final rule follows several proposals published in January 2024, one year earlier in January 2023, and first circulated in January 2022, focused on modernizing the commission's breach notification rules so that telecom carriers have to notify customers of security breaches as fast as possible.
The U.S. communications regulator also removed the obligatory waiting period for carriers to inform customers, mandating them to promptly notify customers of breaches involving covered data after alerting relevant federal agencies.
The notification delay must not exceed 30 days after a breach is identified unless a longer delay is mandated by law enforcement.
Massive telecom data breaches in recent years have highlighted the need to update the FCC's data breach rules to align them with federal and state data breach laws that apply to other sectors.
In December 2022, widespread attacks bypassed two-factor authentication and hijacked Comcast Xfinity customers' accounts.
Two months earlier, Verizon notified prepaid customers of a breach that exposed their credit card information, later used in SIM swapping attacks.
T-Mobile has also been hit by at least nine breaches since 2018, with the most recent one-and the least damaging-being disclosed in May 2023 after threat actors had access to the personal information of hundreds of customers for more than a month since February 2023.
In January 2023, T-Mobile alerted customers of another data breach after the sensitive info of 37 million individuals was stolen by abusing one of its Application Programming Interfaces.
Finally, in April 2016, AT&T paid $25 million to settle an FCC investigation into three data breaches that impacted hundreds of thousands of customers.
The FCC adopted its first rule requiring telecoms and VoIP providers to notify federal law enforcement agencies and their customers of any data breaches.
Verizon insider data breach hits over 63,000 employees.
Trezor support site breach exposes personal data of 66,000 customers.
Mint Mobile discloses new data breach exposing customer data.
Panasonic discloses data breach after December 2022 cyberattack.
Ukraine's largest mobile carrier Kyivstar down following cyberattack.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 12 Feb 2024 21:55:16 +0000


Cyber News related to FCC orders telecom carriers to report PII data breaches within 30 days

FCC orders telecom carriers to report PII data breaches within 30 days - Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. FCC's final rule follows several ...
10 months ago Bleepingcomputer.com
T-Mobile pays $31.5 million FCC settlement over 4 data breaches - "With companies like T-Mobile and other telecom service providers operating in a space where national security and consumer protection interests overlap, we are focused on ensuring critical technical changes are made to telecommunications networks to ...
2 months ago Bleepingcomputer.com
Critical insights into Australia's supply chain risk landscape - Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as ...
9 months ago Tripwire.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
FCC Requires Telecom, VoIP Providers to Report PII Breaches - Starting next month, telecom and VoIP providers will have to issue data breach notifications to customers whenever there's personally identifiable information caught up in a cyber incident. That's according to new rules issued yesterday by the ...
10 months ago Darkreading.com
Ted Cruz wants to stop the FCC from updating data-breach notification rules - Sen. Ted Cruz and other Republican senators are fighting a Federal Communications Commission plan to impose new data-breach notification requirements on telecom providers. In a letter sent to FCC Chairwoman Jessica Rosenworcel today, the senators ...
1 year ago Arstechnica.com
AI-generated voices in robocalls now illegal - The ruling, which takes effect immediately, makes voice cloning technology used in common robocall scams targeting consumers illegal. This would give State Attorneys General across the country new tools to go after bad actors behind these nefarious ...
10 months ago Helpnetsecurity.com
Tell the FCC It Must Clarify Its Rules to Prevent Loopholes That Will Swallow Net Neutrality Whole - The Federal Communications Commission has released draft rules to reinstate net neutrality, with a vote on adopting the rules to come on the 25th of April. The FCC needs to close some loopholes in the draft rules before then. Net neutrality is the ...
8 months ago Eff.org
HackersEra Launches Telecom Penetration Testing to Eliminate Cyber Threats - Cybercriminals have attacked telecom infrastructure, particularly as it shifts to an IP-based design with the introduction of Long-Term Evolution networks, also referred to as LTE or 4G. Persistent attackers could spy on users' cellular networks and ...
1 year ago Cysecurity.news
FCC partners with four states on privacy and data protection enforcement - The Federal Communications Commission's privacy and data protection task force will begin partnering with four state governments to strengthen enforcement investigations and pool resources, FCC Chairwoman Jessica Rosenworcel announced Wednesday. The ...
1 year ago Therecord.media
FCC reminds mobile phone carriers they must do more to prevent SIM swaps - The Federal Communications Commission is warning mobile phone service providers to ensure they are shielding customers from cybercriminals who use fraudulent SIM swaps to take over unwitting victims' mobile phone accounts. The warning comes on the ...
1 year ago Therecord.media
FCC reveals Royal Tiger, its first tagged robocall threat actor - The Federal Communications Commission has named its first officially designated robocall threat actor 'Royal Tiger,' a move aiming to help international partners and law enforcement more easily track individuals and entities behind repeat robocall ...
7 months ago Bleepingcomputer.com
FCC designates first robocall threat actor under new classification system - The Federal Communications Commission on Monday put an entity it is calling Royal Tiger in its crosshairs for facilitating fraudulent robocalls across international networks, making it the first group targeted through a new threat analysis and ...
7 months ago Therecord.media
FCC adopts new rules to protect consumers from SIM-swapping attacks - The Federal Communications Commission has revealed new rules to shield consumers from criminals who hijack their phone numbers in SIM swapping attacks and port-out fraud. FCC's Privacy and Data Protection Task Force introduced the new regulations in ...
1 year ago Bleepingcomputer.com
FCC proposes 3-year cybersecurity pilot for schools, libraries - Dive Brief: The Federal Communications Commission this week proposed a three-year pilot program to study how the agency's Universal Service Fund can help schools and libraries fight cybersecurity threats. The pilot program, which would cost up to ...
1 year ago Cybersecuritydive.com
FCC adopts lead generation rules to protect consumer privacy - The Federal Communications Commission adopted rules for the Telephone Consumer Protection Act that aim to protect consumers against robocalls and robotexts from lead generation and comparison shopping websites and give consumers the ability to choose ...
11 months ago Techtarget.com
FCC Warns Carriers to Protect Customers Against SIM Swaps - A month after issuing new rules to push back against SIM-swap and similar schemes, the Federal Communications Commission is warning mobile phone service providers of their obligations to protect consumers against the growing threat. SIM swapping - ...
1 year ago Securityboulevard.com
Preventing PII Leakage through Text Generation AI Systems - Do an online search for ways to bypass text generation AI security filters, and you will find page after page of real examples and recommendations on how one can trick them into giving you information that was supposed to be blocked. This remains ...
1 year ago Securityboulevard.com
Accused data peddler faces prison for running fraud op The Register - A Baltimore man faces a potential maximum 20-year prison sentence after being charged for his alleged role in running an online service that sold personal data which was later used for financial fraud. An underground TLO service is based on the idea ...
10 months ago Theregister.com
Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches - An Apple-commissioned report this week has highlighted once again why analysts have long recommended the use of end-to-end encryption to protect sensitive data against theft and misuse. The report is based on an independent study of publicly reported ...
1 year ago Darkreading.com
T-Mobile reaches $31.5M breach settlement with FCC | TechTarget - "With companies like T-Mobile and other telecom service providers operating in a space where national security and consumer protection interests overlap, we are focused on ensuring critical technical changes are made to telecommunications networks to ...
2 months ago Techtarget.com
Data Breaches in US Schools Exposed 37.6M Records - Since 2005, educational institutions in the United States have experienced 3713 data breaches, impacting over 37.6m records. According to new data by Comparitech, 2023 marked a record year, with 954 breaches recorded - a dramatic rise from 139 in ...
7 months ago Infosecurity-magazine.com
Data Loss Prevention for Business: Strategies and Tools - Data Loss Prevention has become crucial in today's data-driven business landscape to protect sensitive information. This discussion aims to provide valuable insights into DLP strategies and tools for business, helping mitigate data loss risks ...
10 months ago Securityzap.com
AI-Powered Robocalls Banned Ahead of US Election - The US Federal Communications Commission has introduced a ban on robocalls that contain voices generated by AI to protect US voters from spamming ahead of the November presidential election. Callers must obtain prior express consent from the called ...
10 months ago Infosecurity-magazine.com
Record Surge in Data Breaches Fueled by Ransomware and Vendor Exploits - According to a recent report from Apple and a Massachusetts Institute of Technology researcher, the United States has witnessed a record-breaking surge in data breaches, fueled by increased attacks on third-party vendors and a rise in aggressive ...
1 year ago Cysecurity.news

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)