FCC Requires Telecom & VoIP Providers to Report PII Breaches

The Commissions breach rules for voice and wireless providers, untouched since 2017, have finally been updated for the modern age.

Starting next month, telecom and VoIP providers will have to issue data breach notifications to customers whenever theres personally identifiable information (PII) caught up in a cyber incident.
Thats according to new rules issued yesterday by the Federal Communications Commission (FCC), which will now also require carriers and service providers to report breaches to the FCC, the FBI, and the Secret Service within seven days of discovery.
The Commissions definition of PII is broad
and encompasses not only names, contact information, dates of birth, and Social Security numbers, but also biometrics and a slew of other data.
Previously, the FCC required customer notifications only when
Customer Proprietary Network Information (CPNI)
data was impacted; CPNI can be thought of as phone bill information, i.e., subscription plan data, usage charges, numbers called or messaged, and so on.
The Commission believes that the unauthorized exposure of sensitive personal information … is reasonably likely to pose risk of customer harm, according to
the FCCs new data breach rules
. Consumers expect that they will be notified of substantial breaches that endanger their privacy, and businesses that handle sensitive personal information should expect to be obligated to report such breaches.
Phone providers are off the hook for contacting customers, however, if they can reasonably determine the incident is unlikely to harm the customers, though the definition of a breach has been expanded by the agency to include inadvertent access, use, or disclosure of customer information.
The last update to the FCCs breach reporting requirements was 16 years ago.
The
pervasiveness of data breaches
and the frequency of
breach notifications
have evolved and increased since the Commission first adopted its breach notification rule in 2007,
according to the FCC
. It added, This rising tide of data breaches has
affected the telecommunications sector
as well. As the Electronic Privacy Information Center (EPIC) points out, the proprietary information of subscribers of each of the three largest carriers has been breached at least once within the last five years.
Most recently, a
Verizon insider threat breach
revealed earlier this month exposed information for tens of thousands of employees;
T-Mobile saw three different customer breaches
in 2023; and a vendor breach last March led to the exposure of data
for 9 million AT&T wireless customers
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
FCC Requires Telecom & VoIP Providers to Report PII Breaches