It’s happened again: AT&T sued for allegedly transferring victim’s number to thieves in $1.9m cryptocoin heist

AT&T has been sued for a second time over claims its staff gave thieves access to a specific individual’s account, who then used it to steal a large chunk of cryptocurrency.

Seth Shapiro’s $1.9m claim follows in the footsteps of Michael Terpin, who sued the gigantic cellular network in 2018 for more or less the same thing: staff ported a subscriber’s phone number to a hacker – a so-called SIM swap scam – allowing the miscreant to steal what Terpin claims, in his case, was $24m in cryptocurrency.

But while Terpin’s court battle has been allowed to move forward, Shapiro is still fighting AT&T lawyers to get his legal challenge past its first stage and approved by a judge for trial. In the most recent filing [PDF] in Shapiro’s case, submitted this month, AT&T claimed he “does not come close to curing the inadequacies” of his first filing against the mega-telco.

Shapiro is a technology consultant who has worked with the likes of Disney and Showtime. His cryptocurrency stash was his “life savings,” he said in his lawsuit. One day, he suddenly lost service, he said, and went into one of AT&T’s stores in New York to figure out what was going on.

Someone lifting bitcoin out of a wallet

It’s Terpin time: Bloke who was SIM jacked twice by Bitcoin thieves gets green light to sue telco for millions


The store told him to get a new phone and SIM, which he did, however, his lawsuit claimed that within minutes of getting service back and while still in the store, the thieves struck again. This time the hackers were able to gain control of his number long enough to use it to reset passwords or otherwise gain access to his online account and siphon the digital money from his cryptocurrency wallet, he said.

A criminal investigation led to charges against two AT&T employees who, it is alleged, assisted in shifting Shapiro’s number to the crooks. But Shapiro wants his money back, and is suing AT&T for “an egregious violation of the law and its own promises” when it allowed the SIM swap.

Amazingly, just as in the case of Michael Terpin, AT&T allegedly told Shapiro it would take special precautions to prevent future attacks: measures that then failed when the pair were targeted again.

“AT&T failed to implement sufficient data security systems and procedures and failed to supervise its own personnel, instead standing by as its employees used their position at the company to gain unauthorized access to Mr Shapiro’s account in order to rob, extort and threaten him in exchange for money,” the lawsuit argued.

Shapiro is going after the telco on several grounds, including alleged negligence and violations of America’s Communications Act and consumer protection laws. AT&T argued Shapiro didn’t take his complaint to the carrier before suing, and that he is therefore relying on false information in making his claims. AT&T’s earlier effort to dismiss the case failed, and at the moment it is challenging two of Shapiro’s seven claims. ®

Follow me for more information.


Questions or Comments?

Product categories


July 2020