FCC urges telecom companies to quickly report data breaches

U.S. Federal Communications Commission aims to improve federal law enforcement, modernize the breach notification requirements for telecom companies and notify customers about security breaches more quickly.

FCC’s proposal ( January 2022) includes the removal of the mandatory seven-day period telecoms must observe before notifying consumers about a data breach.

Additionally, the Commission asks telecommunications companies to notify several federal agencies including the FBI and Secret Service about any significant breaches.

FCC Chair Jessica Rosenworcel that she proposed to end the seven-day mandatory wait period prior to notifying customers. She also required the reporting of data breaches that could be considered harmful and inadvertent.

The FCC proposes to clarify its rules and require carriers to notify consumers of inadvertent breaches. Additionally, notification must be required to all reported breaches to FCC, FBI and U.S. Secret Service,” stated in separate press release.

In 2007, the Commission adopted the first rule that required telecoms providers and interconnected VoIP providers be alerted by federal law enforcement agencies to inform their customers about data breaches.

FCC data breach regulations are fifteen years old. It is time for an update. This is the time to get started.

— Jessica Rosenworcel (@JRosenworcel)

Recent telecom hacks have shown that FCC data breach rules must be updated to align with other federal and state laws.

Comcast Xfinity customers claimed that in December their accounts had been , bypassing 2-factor authentication.

Verizon informed prepaid customers in October that accounts and that credit card information was being used for SIM swapping.

T-Mobile also suffered at least seven data breaches between 2018 and 2018, the latest being disclosed by , stealing proprietary T-Mobile code. According to reports,

AT&T also paid $25,000,000 in April 2016 for an FCC investigation that affected hundreds of thousands of customers.

Rosenworcel stated that while the law obliges carriers to protect sensitive consumer data, but given the rise in sophistication and size of data breaches, it is necessary to update our rules and improve reporting requirements to safeguard consumers.

This new proceeding will provide a needed, refreshing look at our data-breach reporting rules in order to better protect consumers, improve security and lessen the potential impact of future breaches.