The Weekly Breach Breakdown: Dialing Back Security – The FCC Cybersecurity Vote

Summary 

• The Federal Communications Commission (FCC) plans to vote this month on whether to eliminate FCC cybersecurity requirements for U.S. telecom carriers. The proposal would undo rules adopted earlier this year after widespread cyberattacks on telecom networks. 
• The FCC’s January declaration required telecom companies to develop cybersecurity plans to prevent intrusions, protect communications and reduce supply chain risks. The move followed China’s Salt Typhoon hacking campaign, one of the most damaging espionage incidents in U.S. history. 
• Current FCC Chair Brendan Carr argues the FCC cybersecurity rules are ineffective and exceed the agency’s authority, proposing a voluntary, “targeted” approach to cybersecurity instead. Critics warn that the change would leave telecoms with no mandatory federal security standards. 
• Hours after Carr announced the rollback, researchers revealed that suspected nation-state criminals had breached a major telecom technology provider and remained undetected for nearly a year, highlighting ongoing industry vulnerabilities. 
• Consumers can’t control FCC cybersecurity policy, but can reduce personal risk by using encrypted messaging apps, enabling multi-factor authentication, keeping devices updated and restarting phones regularly. 
• For more information on identity and cybersecurity threats, or if you believe you’ve been the victim of identity theft, fraud or a scam, contact the Identity Theft Resource Center toll-free by phone or text at 888.400.5530 or via live chat at www.idtheftcenter.org. 

Full Transcript 

Welcome to the Identity Theft Resource Center’s (ITRC’s) Weekly Breach Breakdown for December 5, 2025. I’m Tim Walden, Communications Leader for the ITRC. Thanks to SentiLink for supporting the ITRC and this podcast. Each week, we look at the most recent events and trends related to data security and privacy. Today, we’re talking about a major Federal Communications Commission (FCC) cybersecurity policy shift that could affect nearly every phone call, text and data connection in the U.S. 

The FCC plans to vote this month on whether to eliminate FCC cybersecurity requirements for telecom carriers. Those are the companies that provide cell phone and internet services to millions of Americans. 

Earlier this year, the FCC cybersecurity framework required telecom providers to create cybersecurity plans to help protect against intrusions, supply-chain threats and service disruptions. That decision came after a massive cyberattack known as Salt Typhoon — a China-linked campaign that targeted U.S. telecom networks. The attack exposed sensitive information from federal wiretaps, the calls and texts of high-profile Americans and data linked to more than a million other people. 

Now, the current FCC Chair, Brendan Carr, says those FCC cybersecurity rules went too far. He called the January decision an “ineffective” and “overreaching” interpretation of the law and is pushing to undo those requirements entirely. Instead, the FCC plans to take what it calls a “targeted approach”, encouraging better cybersecurity practices voluntarily rather than requiring them through formal rules. 

Critics say that could leave a major gap. Without these rules, there are effectively no federal cybersecurity requirements for telecom companies, despite repeated breaches and outdated systems that have exposed consumer data in the past. 

Hours after the FCC announced its plan, researchers revealed that suspected nation-state criminals had breached a backbone technology provider used by U.S. and international telecom operators and had remained undetected for nearly a year. 

So, what does this mean for you? 

Even though you can’t control FCC cybersecurity decisions or how telecom companies secure their networks, you can still take steps to protect yourself: 

• Use encrypted messaging apps when possible. 
• Turn on multi-factor authentication for your accounts. 
• Keep your phone and apps updated. 
• Restart your device regularly to help clear out potential exploits. 

Cybersecurity often depends on decisions made far above the consumer level, but personal habits still matter. Staying vigilant with your own devices and accounts helps reduce your risk when larger systems fail. 

If you want to learn more about protecting your information from identity criminals, or if you believe you’ve been the victim of identity theft, fraud or a scam, the ITRC is here to help. You can speak with one of our expert advisors by phone or text, chat live on our website, or send us an email during our normal business hours, 6 a.m. to 5 p.m. PT. Just visit www.idtheftcenter.org to get started. 

Thanks again to SentiLink for their support of the ITRC and this podcast. Please like this episode and subscribe wherever you listen. Next week, we will have an episode of our sister podcast, the Fraudian Slip, that looks at the findings from our 2025 Business Impact Report, which will be released on Wednesday, December 10.  

This is our last episode of the Weekly Breach Breakdown of 2025. Thank you for being a follower of this podcast throughout the year. We’ll be back next year with a brand new season of the Weekly Breach Breakdown. I’m Tim Walden. Until then, happy holidays and thanks for listening.