As part of the agreement, TMobile has to harden IT security and show proof (e.g., CISO who reports regularly to feds, adoption of Zero Trust, adoption of minimal data retention policy). Why TMobile must have their hand held like this is beyond me.

Is the $8B profit or revenue?

To your point, $16M is surely not a big fine for such a big company though, but I do think it's important not conflate profit and revenue when evaluating fines.

Generally speaking, I would love to see some much harsher penalties for negligence with data. I want companies to start seeing customer data as a liability, not as an asset, and I don't think that will happen until f**k-ups starts really making a dent in the bank account.

The equivalent of about $200 for someone making $100,000/yr

FCC: "That'll teach 'em"