In the past, we’ve reported that AT&T has been the subject of lawsuits in that it allowed its employees to take part in SIM-swapping attempts, so hackers could gain access to potential cryptocurrency holders’ phones. A new case has emerged today that sees the phone company at the center of an $18 million lawsuit.
AT&T Is at the Center of a Crypto Fight… Again
The plaintiff is Seth Shapiro of Torrance, California. Shapiro describes himself as an “Emmy-winning media and technology expert,” thought at press time, it’s unclear what programs he’s worked on. Either way, SIM-swapping continues to be a popular method amongst cyberthieves looking to get their fingers on cryptocurrency funds that aren’t theirs.
SIM-swapping occurs when a hacker gains access to a phone holder’s private information, such as their birthdate or social security number. They then contact the employees of that person’s cell phone provider and request data regarding the client’s passwords and login information, claiming this data was lost. Given that they’re able to provide sensitive data such as the date of birth, these employees typically believe the person. Otherwise, they may be bribed to just hand the information over.
From there, the hacker can gain access to the person’s online accounts, which may include cryptocurrency wallets and addresses. The lawsuit alleges that between May 2018 and May 2019, employees of AT&T garnered unauthorized access to Shapiro’s phone, gathered his personal information and transferred this data into the hands of a third-party in exchange for a few bucks. The hacker was then able to steal nearly $2 million in crypto funds from Shapiro.
He is now suing AT&T for nearly $20 million, alleging that the company should have had better control over its employees and that more steps should have been taken to prevent his private data from being compromised. The suit was filed on October 17 in a California Federal District Court.
Legal documents explain:
Criminal investigations reveal that a third-party (an individual identified by authorities as ‘JD’) paid… to change the SIM-card associated with Mr. Shapiro’s AT&T account from the SIM card in Mr. Shapiro’s phone to a SIM card in a phone controlled by JD and others.
More Accounts Prior
In addition, AT&T contacted law enforcement officials to explain that JD had potentially requested as many as 40 separate accounts be moved to his phone just prior to the swap that occurred with Shapiro. AT&T thus had the technology to track suspicious behavior but did not take steps early enough to protect Shapiro or its remaining clients.
Last July, a federal judge allowed a SIM-swapping class-action lawsuit headed by Michael Terpin to move forward against AT&T. The company seems to have a lengthy history of allowing SIM-swapping cases to occur. Terpin alleges he lost more than $24 million in crypto funds to a hacker.