T-Mobile will pay a record-breaking $60 million settlement to resolve allegations of undisclosed and mishandled data breaches that occurred following its 2020 merger with Sprint. The penalty, imposed by the Committee on Foreign Investment in the United States (CFIUS), is the largest of its kind to date.

The company is accused of violating national security agreements by failing to disclose and adequately address multiple data breaches involving sensitive information. These lapses, according to CFIUS, hindered its ability to mitigate potential risks to national security.

While T-Mobile has experienced high-profile data breaches impacting millions of customers in recent years, the issues at the core of this settlement relate to internal data security failures rather than consumer data compromises.

The unprecedented fine marks a significant departure from CFIUS’s typical practice of maintaining confidentiality in such matters. The agency’s decision to publicly name T-Mobile serves as a strong deterrent to other corporations, emphasizing the critical importance of adhering to national security requirements.