AT&T's failure to stop hackers from stealing the mobile phone number of a cryptocurrency investor in a "SIM swapping" scam has sparked a $224 million lawsuit against the company.
On Wednesday, the investor and tech entrepreneur Michael Terpin announced he was suing AT&T for its role in a hack that involved thieves stealing $24 million from his cryptocurrency accounts. "Somebody needed to sue AT&T for fraud and gross negligence in letting criminals SIM swap,"
The incident occurred this January when an AT&T employee in a Norwich, Conn. store transferred his number to an imposter. This allowed thieves to intercept Terpin's personal information, which was used to break into his cryptocurrency accounts.
However, Terpin's lawsuit claims that AT&T's security apparatus contains one big hole: company employees who ignore the rules. According to his lawsuit, AT&T admitted to
"The employees at the AT&T store who unlawfully handed over Mr. Terpin's telephone number to thieves were either blind or complicit," the lawsuit claims. It goes on to accuse AT&T of being fully aware that some employees are perpetrating the SIM swapping
The lawsuit is demanding AT&T pay
It isn't the first time a carrier has been sued over SIM swapping. In February, a Washington man filed a lawsuit against T-Mobile in a similar incident involving hackers porting over his number to steal his cryptocurrency funds.
SIM swapping usually occurs when hackers try to break into your online accounts. By taking over the mobile phone number, a cybercriminal can in some cases reset the passwords to get in. They can also intercept any special codes you receive when logging into accounts protected by SMS-based two-factor authentication.
To protect yourself, you should consider removing your phone number from important accounts. You can also substitute SMS-based two-factor authentication with alternatives like using an Authenticator app, which will generate the special codes without the need for your mobile phone carrier. Cryptocurrency exchanges such as Coinbase support Authenticator apps.