Security

It’s happened again: AT&T sued for allegedly transferring victim's number to thieves in $1.9m cryptocoin heist

Man claims life savings lost in theft aided by telco staff


AT&T has been sued for a second time over allegations its staff gave thieves control of a specific individual’s cellphone number to steal a large chunk of cryptocurrency.

Seth Shapiro’s $1.9m claim follows in the footsteps of Michael Terpin, who sued the gigantic US cellular network in 2018 for more or less the same thing: staff ported a subscriber's phone number to a hacker's SIM – a so-called SIM swap scam – allowing the miscreant to steal what Terpin claims in his case was $24m in cryptocurrency.

But while Terpin’s court battle was allowed to move forward, Shapiro is still fighting AT&T lawyers to get his legal challenge past its first stage and approved by a judge for trial. In the most recent filing [PDF] in Shapiro's case, submitted this month, AT&T claimed he “does not come close to curing the inadequacies” of his first filing against the mega-telco.

Shapiro is a technology consultant who has worked with the likes of Disney and Showtime. His cryptocurrency stash was his “life savings,” he said in his lawsuit. One day, he suddenly lost service on his AT&T cellphone, he claimed, and went into one of the carrier's stores in New York to figure out what was going on.

It's Terpin time: Bloke who was SIM jacked twice by Bitcoin thieves gets green light to sue telco for millions

READ MORE

The store told him to get a new phone and SIM, which he did, however, his lawsuit claimed that within minutes of getting service back and while still in the shop, the thieves struck again. This time the hackers were able to gain control of his number long enough to use it to gain access to his online accounts and siphon digital money from his cryptocurrency wallet, he said.

A criminal investigation led to charges against two AT&T employees who, it is alleged, assisted in shifting Shapiro’s number to the crooks. But Shapiro wants his money back, and is suing AT&T for "an egregious violation of the law and its own promises" when it allowed the alleged SIM swap.

Amazingly, just as in the case of Michael Terpin, AT&T allegedly told Shapiro it would put in place special precautions to prevent any SIM hijackings: measures that failed when the pair were targeted.

"AT&T failed to implement sufficient data security systems and procedures and failed to supervise its own personnel, instead standing by as its employees used their position at the company to gain unauthorized access to Mr Shapiro's account in order to rob, extort and threaten him in exchange for money," the lawsuit, filed in California, argued.

Shapiro is going after the telco on several grounds, including alleged negligence and violations of America's Communications Act and consumer protection laws. AT&T argued Shapiro didn’t take his complaint to the carrier before suing, and that he is therefore relying on false information in making his claims. AT&T’s earlier effort to dismiss the case failed, and at the moment it is challenging two of Shapiro's seven claims. ®

Send us news
25 Comments

Cyber baddies leak 70M+ files online, claim they're from AT&T

Telco reckons data is old, isn't from its systems

AT&T's apology for Thursday's outage should stretch to a cup of coffee

Check your service level agreements to make sure you'll at least get a slice of cake when your vendor goes down

Americans wake to widespread AT&T cellular outages

Telco battles to fix busted connectivity as other carriers feel the effects

Fox News 'hacker' turns out to be journalist whose lawyers say was doing his job

Also, another fake iOS app slips into the store, un-cybersafe EV chargers leave UK shelves, and critical vulns

Hackers mod a Sony PlayStation Portal to run PSP games

Modders claim GTA: Liberty City Stories and Tekken 6 are running 'very smoothly'

Wikileaks source and former CIA worker Joshua Schulte sentenced to 40 years jail

'Vault 7' leak detailed cyber-ops including forged digital certs

Tesla hacks make big bank at Pwn2Own's first automotive-focused event

ALSO: SEC admits to X account negligence; New macOS malware family appears; and some critical vulns

Think tank report labels NSO, Lazarus as 'cyber mercenaries'

Sure, they do crimes. But the plausible deniability governments adore means they deserve a different label

Red Cross lays down hacktivism law as Ukraine war rages on

Rules apply to cyber vigilantes and their home nations, but experts cast doubt over potential benefits

CLI-beautifying ANSI escape sequences can also make your log files a security threat

When you can't even cat your telemetry safely, who can you trust?

Tesla hackers turn to voltage glitching to unlock paywalled features

Oh, this old thing? Yeah, it's got an AMD processor. Why?

How insecure is America's FirstNet emergency response system? Seriously, anyone know?

Senator Wyden warns full probe needed into vital comms network