In a lawsuit filed Aug. 15 in the U.S. District Court in Los Angeles, cryptocurrency investor Michael Terpin accuses AT&T of fraud, negligence and other actions that allegedly allowed thieves to access Terpin’s device and, subsequently, cryptocurrency reportedly valued at $23.8 million. For the loss and punitive damages, Terpin wants $223.8 million.
Terpin says he’s the victim of what’s called SIM swap fraud wherein a thief represents themselves as a mobile subscription holder. From there, the thief can interact with a carrier, posing as the subscriber, and have a SIM in their possession activated.
Terpin’s lawsuit describes the situation: “An imposter posing as Mr. Terpin was able to easily obtain Mr. Terpin’s telephone number from an insider cooperating with the hacker without the AT&T store employee requiring him to present valid identification or to give Mr. Terpin’s required password…IT was AT&T’s act of providing hackers with access to Mr. Terpin’s telephone number without adhering to its security procedures that allowed the cryptocurrency theft to occur. What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe…”
Privacy advocate Paul Bischoff gave some background on what he dubbed “SIM-jacking” which he said “arose as a response to the growing adoption of two-step verification…as a means to protect online accounts from hackers. Most two-step verification requires entering a PIN number sent to the user’s phone number. Unfortunately, employees who work at stores run by mobile carriers like AT&T have free reign to ‘hijack’ a SIM card and transfer the phone number to a different device.”
For its part, AT&T told CNBC, “We dispute these allegations and look forward to presenting our case in court.”
