Telecommunications company AT&T found itself for the second time on the end of a “SIM-jacking” lawsuit after a customer accused it of allowing hackers to swap his SIM card. The security breach resulted in the theft of cryptocurrency worth $1.9 million, as well as “the compromise of highly sensitive personal and financial information”.
Seth Shapiro, an advisor in business and technology, claimed that the AT&T’s lack of security allowed hackers to enter his wallets and steal crypto coins that were indeed his entire “life savings”.
The Most Diverse Audience to Date at FMLS 2020 – Where Finance Meets Innovation
According to the lawsuit, filed in California, Shapiro describes what appears to be an elaborate scheme by fraudsters.
It is unclear exactly how the thieves replaced Shapiro’s mobile SIM, but the lawsuit suggests that two AT&T employees were in cahoots and helped the phone number be transferred to their own device. Specifically, he lost service on his AT&T cellphone, so he visited one of the carrier’s stores in New York to figure out the problem, but within minutes of getting service back the hackers were able to gain control of Shapiro’s number.
Once the thieves had access to his phone number, they were able to request a password change and reset the security on many of his accounts, effectively locking him out. The hackers also changed the password on his cryptocurrency account and initiated the transfer of digital assets to their own wallets.
“AT&T failed to implement sufficient data security systems and procedures and failed to supervise its own personnel, instead standing by as its employees used their position at the company to gain unauthorized access to Mr Shapiro’s account in order to rob, extort and threaten him in exchange for money,” the lawsuit further states.
In a similar case last year, Michael Terpin, a serial cryptocurrency entrepreneur and technology startup extraordinaire, also accused the telecommunications giant of negligence, fraud, and other violations.
Phone and internet service provider, however, claimed that it is not responsible for a series of recent SIM-swapping complaints. But the Judge engaged in the lawsuit denied AT&T’s request to dismiss the case or disregard its legal obligations, saying the company “can be held to answer a lawsuit by Michael Terpin for enabling the theft of $24 million of his cryptocurrency by giving his SIM card to hackers.”
The lawsuit described the case as an example of classic identity theft, in which hackers gained access to sensitive financial information by stealing personal data. The plaintiff is seeking damages and injunctive relief, claiming that the company was at fault and thus should pay him $224 million of compensation.