A Californian man named Seth Shapiro has filed a lawsuit against AT&T alleging that the company’s employees helped hackers carry out sim swapping of his number that cost him over 1.8 million dollars in digital currency.
Holding AT&T liable for his loss, Shapiro said that the firm failed in implementing tools and systems to prevent its employees from performing such schemes, adding that the company is accountable for the acts carried out by its employees. Shapiro filed the complaint on October 17, 2019, with the United States District Court for the Central District of California.
Divulging more information, Shapiro stated that an employee of AT&T let the hacker gain access to his phone number and swap it from his device to a distinct device held by the hacker. The sim swapping attack compromised Shapiro’s highly sensitive personal as well as financial data and information, that ultimately resulted in the massive theft of over 1.8 million dollars, per the court filing.
Shapiro Suffered Four Sim Swap Attacks Between May-18 to May-19
As per the lawsuit, Shapiro became a victim of sim swap attacks, not once or twice but as many as four times in a span of a year.
The first incident took place on May 16, 2018, when Shapiro was in New York City. He noticed something amiss with his phone and a loss of connection with the AT&T network. He immediately contacted AT&T and asked them to secure his account. A company representative then suspended Shapiro’s service and asked him to visit the AT&T store.
Shapiro purchased a new phone, along with a sim, at the store as directed by the AT&T employees after their assurance that he won’t suffer another such attack. However, Shapiro became a victim of another sim-swapping attack only minutes later when he was still at the store. Though he informed the staff immediately about it, he was asked to wait for his turn, causing him the loss of his life savings.
Per the lawsuit, the hackers gained access to all of Shapiro’s account information, including his crypto exchange accounts and PayPal account, and reset the passwords. Shapiro had accounts on major crypto exchanges including Bittrex, KuCoin, Coinbase, Crytopia, Huobi, HitBTC, LiveCoin, and Bitfinex. Post gaining control to Shapiro’s accounts, hackers transferred the funds to their own accounts, causing the loss of over 1.8 million dollars with 2 consecutive attacks.
The documents state that Shapiro gained back access to his personal and email accounts after 14 hours, except for several crypto accounts. Upon assurances from the company that there won’t be any data breach going forward, Shapiro remained their customer. However, he was victimized again in November of the same year and in May this year.
About the incident, AT&T has said in a statement that they are disputing these allegations and looking forward to presenting their case in the court. The firm also maintained that they are working hard to prevent such attacks with improvements in their technology and are educating their customers as well on how they can protect themselves.
It’s Not the First Such Incident
Michael Terpin, a crypto investor, also became a victim to a similar sim swap attack wherein he lost around 24 million dollars in cryptocurrency and sued AT&T in August last year. In July, Terpin’s lawsuit was allowed to move forward by a federal judge in LA.
More recently, Terpin has written an open letter to Ajit Pai, the Chairman of the FCC (Federal Communications Commission), requesting him to take urgent action on the sim swap frauds.