AT&T, headquartered at Whitacre Tower in Downtown Dallas, Texas, is a multinational conglomerate holding company. Recently, Seth Shapiro, a California resident, filed a lawsuit against AT&T alleging that its employees facilitated a SIM-swap. According to Shapiro, money and cryptocurrencies of $1.8 million worth were lost due to the SIM-swap attack.
As per the lawsuit filed, between May 16 and May 18, employees accessed Shapiro’s AT&T wireless account and after viewing his confidential personal information shared the access of Shapiro’s phone with some hackers. Ultimately, outside hackers capitalizing on the information provided to them were able to get their hands on Shapiro’s personal and digital finance accounts to steal more than $1.8 million.
The lawsuit alleges hackers to gain access to Shapiro’s several accounts on various cryptocurrency exchanges. In this regard, the document explains:
While third parties had control over Mr. Shapiro’s AT&T wireless number, they used that control to access and reset the passwords for Mr. Shapiro’s accounts on cryptocurrency exchange platforms including KuCoin, Bittrex, Wax, Coinbase, Huobi, Crytopia, LiveCoin, HitBTC, Coss.io, Liqui, and Bitfinex.
At the moment, the plaintiff Shapiro claims to possess a conversation between employees and hackers discussing the plan of stealing money and then further exploring channels to route it. According to Shapiro, as AT&T hadn’t protected his private information, he fell victim to SIM-swapping.
He believes that as he has already been subjected to several such attacks in the past as well, his personal information had been leaked due to negligence of AT&T a long ago. Shapiro alleges that AT&T has violated the Federal Communications Act as the company was unable to protect the private information of its customers. Documented in the lawsuit, the complaint reads:
AT&T’s Repeated Failures to Protect Mr. Shapiro’s Account from Unauthorized Access Are a Violation of Federal Law.
Several terms are used in place of SIM-Swap attacks such as a port-out scam, SIM splitting, or simjacking. In this attack, attackers are able to take control of the victim’s SIM card. In the meanwhile, they exchange the traffic of original SIM-card with a fake one, hence, SIM-swapping.
After successfully swapping the SIM, attackers gain access to victim’s OTPS, financial accounts and card related alerts which are further manipulated to full illicit and unethical aims.
Surprisingly, this isn’t the first time for a user to accuse AT&T of a SIM-swap. A few months ago, Mr. Terpin also filed a lawsuit against AT&T. At that time, Terpin lost about $24 million worth of cryptocurrencies. Although the court dismissed the motion at that time, let’s see how the case goes for Shapiro.