AT&T has been sued for a second time over allegations its staff gave thieves control of a specific individual’s cellphone number to steal a large chunk of cryptocurrency.
Seth Shapiro’s $1.9m claim follows in the footsteps of Michael Terpin, who sued the gigantic US cellular network in 2018 for more or less the same thing: staff ported a subscriber’s phone number to a hacker’s SIM – a so-called SIM swap scam – allowing the miscreant to steal what Terpin claims in his case was $24m in cryptocurrency.
But while Terpin’s court battle was allowed to move forward, Shapiro is still fighting AT&T lawyers to get his legal challenge past its first stage and approved by a judge for trial. In the most recent filing [PDF] in Shapiro’s case, submitted this month, AT&T claimed he “does not come close to curing the inadequacies” of his first filing against the mega-telco.
Shapiro is a technology consultant who has worked with the likes of Disney and Showtime. His cryptocurrency stash was his “life savings,” he said in his lawsuit. One day, he suddenly lost service on his AT&T cellphone, he claimed, and went into one of the carrier’s stores in New York to figure out what was going on.
It’s Terpin time: Bloke who was SIM jacked twice by Bitcoin thieves gets green light to sue telco for millions
The store told him to get a new phone and SIM, which he did, however, his lawsuit claimed that within minutes of getting service back and while still in the shop, the thieves struck again. This time the hackers were able to gain control of his number long enough to use it to gain access to his online accounts and siphon digital money from his cryptocurrency wallet, he said.
A criminal investigation led to charges against two AT&T employees who, it is alleged, assisted in shifting Shapiro’s number to the crooks. But Shapiro wants his money back, and is suing AT&T for “an egregious violation of the law and its own promises” when it allowed the alleged SIM swap.
Amazingly, just as in the case of Michael Terpin, AT&T allegedly told Shapiro it would put in place special precautions to prevent any SIM hijackings: measures that failed when the pair were targeted.
“AT&T failed to implement sufficient data security systems and procedures and failed to supervise its own personnel, instead standing by as its employees used their position at the company to gain unauthorized access to Mr Shapiro’s account in order to rob, extort and threaten him in exchange for money,” the lawsuit, filed in California, argued.
Shapiro is going after the telco on several grounds, including alleged negligence and violations of America’s Communications Act and consumer protection laws. AT&T argued Shapiro didn’t take his complaint to the carrier before suing, and that he is therefore relying on false information in making his claims. AT&T’s earlier effort to dismiss the case failed, and at the moment it is challenging two of Shapiro’s seven claims. ®