The Committee on Foreign Investment in the United States (CFIUS) has recently taken action against T-Mobile US, Inc., imposing a $60 million fine due to unauthorized data access incidents that occurred between August 2020 and June 2021. These incidents violated a crucial provision of a national security agreement (NSA) that T-Mobile had agreed to as part of its merger with Sprint Corporation in 2020.
CFIUS approved the merger under the condition of the NSA, which was designed to address potential national security risks. However, T-Mobile failed to comply with the agreement by not implementing sufficient measures to prevent unauthorized access to sensitive data and failing to promptly report incidents as required.
As a result, CFIUS determined that these breaches of the NSA had a detrimental impact on the national security interests of the United States. This $60 million fine is the largest penalty ever imposed by CFIUS, emphasizing the seriousness of the violations committed by T-Mobile.
In response to these enforcement actions, the U.S. Treasury Department, which oversees CFIUS, launched a new CFIUS enforcement website to increase transparency and provide the public and investors with more information about the committee’s compliance efforts. Assistant Secretary of the Treasury for Investment Security Paul Rosen emphasized the importance of accountability in protecting national security.
The updated website now includes details on all civil monetary penalties imposed by CFIUS in recent years, highlighting the increase in enforcement actions taken by the committee. In fact, CFIUS has issued three times more penalties in the years 2023 and 2024 than it had in its entire history, underscoring its commitment to holding companies accountable for their actions.
This heightened focus on enforcement and accountability is intended to ensure that companies fulfill their commitments to protect national security. Failure to do so, as in the case of T-Mobile, will result in significant consequences, as evidenced by the $60 million penalty imposed by CFIUS.
Overall, CFIUS’s actions against T-Mobile serve as a clear message to all companies operating in the United States that compliance with national security agreements is non-negotiable. By increasing transparency and enforcing penalties, CFIUS aims to safeguard the country’s interests and hold companies accountable for any breaches that may jeopardize national security.