The Weekly Breach Breakdown Podcast: Dialing Back Security – The FCC Cybersecurity Vote - S6E37

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC’s) Weekly Breach Breakdown for December 5, 2025. I’m Tim Walden, Communications Leader for the ITRC. Thanks to SentiLink for supporting the ITRC and this podcast. Each week, we look at the most recent events and trends related to data security and privacy. Today, we’re talking about a major Federal Communications Commission (FCC) cybersecurity policy shift that could affect nearly every phone call, text and data connection in the U.S. 

The FCC plans to vote this month on whether to eliminate FCC cybersecurity requirements for telecom carriers. Those are the companies that provide cell phone and internet services to millions of Americans. 

Earlier this year, the FCC cybersecurity framework required telecom providers to create cybersecurity plans to help protect against intrusions, supply-chain threats and service disruptions. That decision came after a massive cyberattack known as Salt Typhoon — a China-linked campaign that targeted U.S. telecom networks. The attack exposed sensitive information from federal wiretaps, the calls and texts of high-profile Americans and data linked to more than a million other people. 

Now, the current FCC Chair, Brendan Carr, says those FCC cybersecurity rules went too far. He called the January decision an “ineffective” and “overreaching” interpretation of the law and is pushing to undo those requirements entirely. Instead, the FCC plans to take what it calls a “targeted approach”, encouraging better cybersecurity practices voluntarily rather than requiring them through formal rules. 

Critics say that could leave a major gap. Without these rules, there are effectively no federal cybersecurity requirements for telecom companies, despite repeated breaches and outdated systems that have exposed consumer data in the past. 

Hours after the FCC announced its plan, researchers revealed that suspected nation-state criminals had breached a backbone technology provider used by U.S. and international telecom operators and had remained undetected for nearly a year. 

So, what does this mean for you? 

Even though you can’t control FCC cybersecurity decisions or how telecom companies secure their networks, you can still take steps to protect yourself: 

• Use encrypted messaging apps when possible. 
• Turn on multi-factor authentication for your accounts. 
• Keep your phone and apps updated. 
• Restart your device regularly to help clear out potential exploits. 

Cybersecurity often depends on decisions made far above the consumer level, but personal habits still matter. Staying vigilant with your own devices and accounts helps reduce your risk when larger systems fail. 

If you want to learn more about protecting your information from identity criminals, or if you believe you’ve been the victim of identity theft, fraud or a scam, the ITRC is here to help. You can speak with one of our expert advisors by phone or text, chat live on our website, or send us an email during our normal business hours, 6 a.m. to 5 p.m. PT. Just visit www.idtheftcenter.org to get started. 

Thanks again to SentiLink for their support of the ITRC and this podcast. Please like this episode and subscribe wherever you listen. Next week, we will have an episode of our sister podcast, the Fraudian Slip, that looks at the findings from our 2025 Business Impact Report, which will be released on Wednesday, December 10.  

This is our last episode of the Weekly Breach Breakdown of 2025. Thank you for being a follower of this podcast throughout the year. We’ll be back next year with a brand new season of the Weekly Breach Breakdown. I’m Tim Walden. Until then, happy holidays and thanks for listening.