According to the news report by Reuters, AT&T Inc. is being sued by the American serial entrepreneur and crypto investor, Michael Terpin. Terpin has filed a $224 million lawsuit against the telecommunications giant, alleging that it is guilty of gross negligence as well as fraud.
Michael Terpin is not lightweight. He co-founded the first angel group for BTC (Bitcoin) investors called BitAngels in 2013, then in 2014 founded the first digital currency fund, BitAngels/DApps and is also a senior advisor for the Alphabit Fund, which is one of the world’s biggest cryptocurrency hedge funds.
On Wednesday, August 15, Terpin filed a 69-page complaint against AT&T, alleging that the telecom company’s gross negligence led to the theft of cryptocurrencies from his personal account. He also accused the company of violating its statutory duties and failing to live up to its own Privacy Policies.
This complaint, filed with the US District Court in Los Angeles, California, stated that on January 7 this year, cryptocurrency tokens were stolen from his account by a digital identity theft of his mobile account. At this time AT&T was his mobile service provider. He also claimed that after the cryptocurrencies were stolen from his account, his cell phone account was transferred under the name of an international criminal gang.
According to Terpin, this theft took place through what is known as SIM Swap Fraud. SIM (Subscriber Identification Module) cards are used by mobile companies to authenticate users on their mobile phones. SIM swap fraud takes place when a mobile service provider is conned into transferring a user’s phone number to a SIM card which is controlled by another person.
Once that swap is completed and the person gets control of a user’s SIM, the subscriber password can be reset and the hacker can gain access to not just the user’s phone but also his or her online mobile accounts.
Terpin, in his complaint, stated that he was the victim of two hack attacks in a span of seven months. After the first theft, Terpin stated that the hacker got his phone number from an insider who was in on the deal, thereby bypassing the need to provide valid identification or even provide the required PIN.
Once the hacker got a hold of all his details, he/she was able to access his cryptocurrency accounts and get away with almost $24 million worth of cryptocurrencies.
Terpin dramatically compared what AT&T did to a hotel that had given a thief who showed a false ID a room key as well as a key to the room’s safe so that he could steal everything of value from the occupant of that room.
Thus, in addition to the $24 million worth of cryptocurrencies that he lost in the two hacks, Terpin is also seeking $200 million in punitive damages. AT&T released a statement that it was going to dispute these charges and was looking forward to presenting their side of the story in court.
Terpin, who is being represented by the Los Angeles law firm Greenberg Glusker, said that this is not the first such complaint against the telecom company. He stated that there have been previous probes by law enforcement for the same issue.
CCN also noted that this incident serves as another reminder about how dangerous it is to use SMS-based 2FA (two factor authentication) on mobile devices. While is it better than not having any form of authentication, users are still at risk of such SIM-jacking attacks.
Security experts say that users should secure their online accounts using both app-based as well as security-key based 2FA processes. The problem is that most websites today don’t offer that level of security.