The CFIUS is an inter-agency committee that oversees transactions involving foreign investment in the US for potential national security issues. Its approval was required for T-Mobile’s takeover of Sprint, as Japan’s SoftBank owned most of Sprint and Germany’s Deutsche Telekom was a majority shareholder of T-Mobile.
CFIUS said that between August 2020 and June 2021, T-Mobile failed to take the required measures to prevent unauthorized access to certain sensitive data. On top of that, the company failed to disclose the issue in a timely manner, thereby delaying its efforts to investigate and mitigate any potential harm to national security assets.
According to CFIUS, these violations compromised the national security interests of the country. T-Mobile has since worked with the committee to improve its compliance procedures and has pledged to continue working with it to ensure compliance with its obligations going forward and “help keep the country and our customers safe.”
T-Mobile explained that the technical issues it experienced during the integration phase of the Sprint merger were behind the incidents. They were related to unauthorised access to some of the information that was shared with law enforcement agencies upon their request.
This is the first time that CFIUS revealed the name of a company that it has fined. It has never imposed a fine as big as this on any company before. US officials are setting an example of sorts by announcing the penalty, reinforcing Cfius’s commitment to holding companies accountable to their obligations.