Reggie Middleton, the chief executive of crypto company Veritaseum, is suing telecommunications provider T-Mobile for allegedly enabling the theft of $8.7 million worth of crypto in a series of SIM-swap attacks.
According to filings published on July 22, Middleton was first targeted by SIM-swappers during July 2017. Despite immediately reporting the incident to T-Mobile, Middleton claims to have been the victim of four successful SIM-swaps over the rest of 2017, and further attacks during 2018 and 2019.
The suit accuses T-Mobile of having “abjectly failed” in its responsibility to protect the personal and financial information of its customers.
What is a SIM-swap attack?
SIM-swap attacks are executed by a hacker with the usually unwitting assistance of an employee of a telecommunications provider — who reassigns the target’s SIM card to a phone under the control of the hacker.
Once control over the SIM is secured, the attacker then attempts to gain access to sensitive accounts controlled by the victim, such as emails, online banking, and crypto wallets or exchange accounts.
Middleton’s suit says:
“As a result of T-Mobile's gross negligence in protecting plaintiffs' information, its negligent hiring and supervision of T-Mobile employees who were responsible for safeguarding that information, and its violation of laws that expressly protect the information of wireless carrier customers, plaintiffs lost $8.7 million in cryptocurrency.”
The complaint adds that Middleton has “suffered and continues to suffer severe anxiety, fear, and emotional distress relating to the repeated instances of identity theft.”
Telecoms firms face legal action
Lawsuits targeting telecommunications providers for allowing SIM-swap attacks to transpire have increased in number over the past year, with AT&T currently facing at least two lawsuits from crypto investors for failing to prevent attacks.
In addition to suing AT&T, BitAngels founder and pioneering crypto investor Michael Terpin has brought a civil complaint against an 18-year-old for masterminding that attacks resulted in the loss of nearly $24 million in crypto.
In June, a 20-year-old Californian was charged for his role in 28 SIM-swap attacks.