Telecom giant AT&T recently received a second lawsuit for a SIM-swap attack that led to cryptocurrency thefts for a customer. The customer accused the company of being complacent in these attacks.
A $1.9 million theft
A technology consultant Seth Shapiro lost $1.9 million in cryptocurrency. He said that he lost his “life savings” because of the lackadaisical security by AT&T which allowed hackers to enter his cryptocurrency wallets and steal his money. The lawsuit now blames the company for theft and “the compromise of highly sensitive personal and financial information”.
Shapiro said in a lawsuit that there was an elaborate scheme by fraudsters to steal funds. His lawsuit has been filed in California. It is still not clear how the hackers were able to replace the mobile SIM of Shapiro. However, the lawsuit suggests that two employees of the telecom company were complacent in this scheme. They helped the hackers in transferring the phone number to their own device. Shapiro visited a New York store to find out why he lost service on his phone. He received control back but the hackers were able to resume their work only a few minutes later.
As soon as they had access to his number, they requested a change of password and reset security on several of his accounts, because of which he was locked out. The hackers then changed passwords of his crypto accounts and started transferring his digital assets to their wallets.
What else does the lawsuit allege?
The lawsuit suggests,
“AT&T failed to implement sufficient data security systems and procedures and failed to supervise its own personnel, instead standing by as its employees used their position at the company to gain unauthorized access to Mr. Shapiro’s account in order to rob, extort and threaten him in exchange for money.”
AT&T faced a similar case last year as well when crypto entrepreneur Michael Terpin blamed the company of fraud, negligence, and various other violations. He lost $24 million because of a SIM swap attack.