Telcos to Report Data Breaches in under 7 Days to Better Protect Consumers Against Cyber Threats

The US Federal Trade Commission wants telecom operators to report data breaches to their customers more swiftly so consumers can better protect their data and digital identity.

New notification requirements

Wireless operators in America currently enjoy a window of seven business days before they have to report a data breach to end users, but the FCC feels that period leaves affected parties at risk.

“The Federal Communications Commission today launched a proceeding to strengthen the Commission’s rules for notifying customers and federal law enforcement of breaches of customer proprietary network information (CPNI),” reads the announcement.

“Today’s action seeks to better address telecommunications carriers’ breach notification requirements.”

The aim is to better align telcos with other sectors in light of recent developments in federal and state data breach laws.

As such, the FCC proposes eliminating the current seven-business-day mandatory waiting period for notifying customers of a breach, as well as a revamp of rules involving the way carriers disclose the affected data to customers.

Actionable information for end users

When specific categories of data are breached, for example, telcos might soon have to offer actionable information that consumers can use to better protect themselves against cyber threats like fraud, phishing, identity theft and impersonation.

The FCC also proposes to make consistent revisions to the commission’s telecommunications relay services (TRS) data breach reporting rule.

“The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements,” said FCC Chairwoman Jessica Rosenworcel. “This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.”

Telcos in the hackers’ crosshairs

Wireless operators are notorious for holding troves of personal and financial data from millions of loyal customers, which makes them hot targets for malicious actors.

In March 2022, T-Mobile users - including a number of prospective customers - were warned to watch out for signs of identity theft. The warning came after several people received alerts that their information was circulating online following a data breach.

In October 2022, Verizon saw it necessary to warn prepaid customers that their accounts had been breached. Attackers had accessed Verizon accounts using the last four digits of the victims’ credit cards and attempted to process unauthorized SIM card changes.

Also in 2022, Australian telecoms giant Optus disclosed that hackers stole the data of nearly 10 million customers in a massive cyber incident.

Bitdefender Digital Identity Protection scans the web for unauthorized leaks of your personal data, monitoring whether your accounts are exposed and making it easy to take action before disaster strikes.

US citizens can opt for Bitdefender Identity Theft Protection which not only offers continuous monitoring of your identity, privacy and credit status, but also identity theft insurance of up to $2 million.