The FCC Wants to Make Telecom Carriers Disclose Hacks Sooner

The days when you learn about a data breach affecting your personal information months after the fact could soon be a thing of the past – at least when it comes to hacks affecting telecommunications Carrier. The Federal Communications Commission has proposed a new rulewhich obliges telephone and Internet providers to inform customers of violations much more quickly.

“This new process will provide a much-needed fresh look at our data breach notification rules to better protect consumers, increase security and reduce the impact of future breaches,” said FCC Chairwoman Jessica Rosenworcel in a press statement. Although state laws, such as those in California, have more recent and stringent standards, the federal rule that already exists is 15 years old and likely in dire need of an update.

Currently, there is a federally mandated minimum waiting time of seven business days between discovering a violation and when businesses can notify their customers. The FCC-recommended change would remove that waiting period and instead require carriers to notify customers of hacks and other security issues “without undue delay after discovery.”

In other words, the amount of time between when hackers get hold of someone’s sensitive information and when those affected learn about it could become much shorter – making it easier to take early protection measures such as blocking credit cards or seize change passwords.

The reason for this 7-day waiting period is that Telekom Businesses will have time to report violations to the “relevant investigative authorities” before telling customers, according to the proposal, so that investigative authorities can assess the risk to the public. However, hackers are targeting telecommunications transport companies more than ever before and what is at stake for the public is becoming ever clearer.

We live almost all of our lives on our phones or through the internet and telecommunications Businesses have extensive information about their customers, including (but not limited to) call details, location, hardware details, and billing and financial information. Stolen data can be bought and sold on the dark web in an instant, exposing victims to the risk of identity theft and other serious financial and personal repercussions.

“In the telecommunications industry, the public has suffered an increasing number of security breaches of customer information in recent years,” the proposed rule reads. Data breaches in all sectors increased by 70% in the last few months of 2022 alone an analysis from Infosecurity Magazine.

And before that it was pretty bad. 2021, found a separate analysis that more than 13 different global telecommunications Vendors were infiltrated by a single hacker group in just two years. Both T Mobile and AT&T alleged to have suffered Data hacks affecting millions of customers, exposing sensitive data like social security numbers and driver’s license information. AT&T denied any injury, but T-Mobile ended settle for $500 million about his own incident. Previously, T-Mobile customers were victims of similar violations 2019 and 2015.

Gizmodo reached out to T-Mobile, AT&T, Verizon, and Comcast to see what the US’s largest telecom carriers thought of the FCC proposal, but none of the companies responded immediately.

In addition to ensuring that customers learn about hacks more quickly, the proposed change would also broaden the definition of data breaches, among other small adjustments. Accidental or unintentional disclosures of customer information would now fall under the heading of data breaches. So if a carrier makes mistakes – even without external interference – he would have to notify customers.

But rolling out these changes isn’t 100% easy. The FCC proposal raises concerns about the jeopardy of criminal investigations if carriers are forced to immediately notify customers of violations. As a loophole, the new rule could allow federal agencies to delay notices by up to 30 days — which wouldn’t exactly solve the timeliness problem. The Commission is also working on how to deal with smaller hauliers and whether/how to introduce a deadline for the notification period. In addition, the FCC is soliciting public comment on whether security breach notifications should include specific information about what has been leaked and how best to deal with it. Soon the proposal will be open for comment and you can give the FCC your opinion.