from the ill-communication dept
Wireless carriers are coming under increasing fire for failing to protect their users from SIM hijacking. The practice involves posing as a wireless customer, then fooling a wireless carrier to port the victim’s cell phone number right out from underneath them, letting the attacker then pose as the customer to potentially devastating effect. Back in February, a man sued T-Mobile for failing to protect his account after a hacker pretending to be him, ported out his phone number, then managed to use his identity to steal thousands of dollars worth of cryptocoins.
T-Mobile customers aren’t the only users who’ve experienced this problem. US entrepreneur and cryptocurrency investor Michael Terpin sued AT&T last summer (pdf) for the same thing: somebody ran a SIM hijacking scam on AT&T, then stole his identity and, in turn, stole $23.8 million in cryptocurrency. And while AT&T tried hard to have the case dismissed, a Los Angeles federal judge last week issued a mixed ruling that nixed AT&T’s request to dismiss the case, but demanded that Terpin do a better job highlighting how AT&T is directly responsible:
“Wright agreed with AT&T that Terpin had not adequately explained how the hack of his account led to the theft of his cryptocurrency or why AT&T should bear responsibility. As a result, he dismissed claims that relied on Terpin’s claimed $24 million loss. However, Wright dismissed the claims with “leave to amend,” meaning that Terpin has 21 days to file a new version of his lawsuit that more fully explains how the cryptocurrency was stolen and why AT&T should be held responsible.”
AT&T, as you might expect, has argued in court and in public that it’s not liable for, well, anything. Ever.
Carriers frequently aren’t keen on talking about the problem, in part because their employees keep getting busted for helping the scammers. And keep in mind AT&T keeps having these kinds of problems. Repeatedly. In just the last few years AT&T has been: fined $18.6 million for helping rip off programs for the hearing impaired; fined $10.4 million for ripping off a program for low-income families; and fined $105 million for helping “crammers” by intentionally making such bogus charges more difficult to see on customer bills.
In short this isn’t a company with a great track record when it comes to ethical behavior or protecting its subscribers from scams. Terpin, for his part, has been given an additional three weeks to beef up his case before it proceeds:
“I am grateful that Judge Wright is allowing my case to proceed,” Terpin said. “We must hold AT&T accountable. If AT&T demonstrated the same zeal to totally revamp its porous security system as it does to suppress the damning evidence of its callous indifference to its customers, we would not be in court.”