- The Federal Communications Commission is proposing changes to bolster data breach regulations for the U.S. telecommunications industry, including faster notification to customers and stronger law enforcement.
- The proposed regulations would cut the seven business day waiting period for customer notification, force firms to report inadvertent breaches and require companies immediately notify the FCC, the FBI and the U.S. Secret Service of a breach.
- "With data breaches increasing in frequency sophistication and scale, and the consequences for consumers lasting long after leaks of personal information take place, I think it's time for the FCC to modernize and clean up its data breach policies," Rosenworcel said on Twitter Wednesday.
The proposed breach reporting regulations follow a series of major breaches in the telecom industry, most notably the August attack against T-Mobile, the nation's second-largest wireless carrier.
During that attack, the records of 7.8 million current postpaid customers and more than 40 million former or prospective customers were accessed. Stolen data included dates of birth, social security numbers and driver's license information. Another 5.3 million postpaid customers were impacted, but did not have driver's license and social security numbers stolen.
T-Mobile confirmed in December it was hit by a SIM swapping attack, which impacted a much smaller number of customers.
A spokesperson for the FCC said the new breach requirements would better align the agency with recent changes in federal and state breach reporting requirements in other sectors.
The industry is considered highly vulnerable to cyberattacks, in part because wireless and broadband companies have so much information about the personal and financial habits of their customers. The telecom industry was among the most frequently targeted industries by ransomware operators during the second quarter of 2021, according to research by McAfee Enterprise.
"The telecom industry is the backbone of the digital world," Katell Thielemann, Gartner research VP, said via email. "As such, telecom providers are very much high value targets, and also highly vulnerable because of their complex, vast and geographically dispersed technology environment full of IT systems, cyber physical systems and enormously complex supply chains."
Sinclair Broadcast was hit by a high profile ransomware attack in October that disrupted live broadcasts and Cox Media Group was hit by a ransomware attack in June. Visible, a prepaid carrier backed by Verizon, also reported a data breach in October. A spokesperson for Verizon said the company was reviewing the proposed regulations and would have no comment at this time. AT&T and T-Mobile were not immediately available for comment.