SIM-swapping – also known as a ‘port-out scam’ – involves the theft of a cell phone number in order to hijack online financial and social media accounts, enabled by the fact that many firms use automated messages or phone calls to handle customer authentication.
According to one of the (partially redacted) Silver Miller Statement of Claim documents – filed against AT&T on behalf of crypto holders who allegedly suffered thefts via sim-swapping – the Dallas-based telecoms “behemoth” had operating revenues of over $160 billion and assets of over $444 billion as of 2017.
The claim alleges that “as a result of AT&T’s failures,” Silver Miller’s client was robbed of crypto asset holdings worth over $621,000 in a SIM swap, even after AT&T had assured him it had heightened security on his account following an earlier attempted hack.
As Silver Miller contends, AT&T is well-aware of the “pervasive harm” posed by SIM-swaps, having issued “public advisories” in the past warning that the threat is “industry-wide” and assuring the public of its safeguards against the practice.
AT&T is accused of acting “as a co-conspirator to the theft or through abject negligence” by transferring the account holder’s cell phone number to the attacker, and “exhibiting bad faith through its conscious awareness of and deliberate indifference to the risk to Claimant’s Personal Information.”
As per Silver Miller, AT&T’s failures further included “improperly hiring, training, and supervising its employees,” and “failing to invest in adequate security protections.”
According to the press release, other cases filed by the firm against T-Mobile pertain to victims who lost $400,000 and $250,000 respectively, in similar SIM-swap incidents.
This summer, Cointelegraph interviewed Michael Terpin, an American blockchain and long-time crypto investor, who has sued AT&T for negligence that allegedly resulted in the theft of over $24 million in crypto holdings.
Terpin, who co-founded BitAngels in 2013 and, more recently, blockchain PR firm Transform Group, emphasized that many “smaller” crypto tokens cannot be kept in cold storage, and that – particularly if staked – they must be kept in a native wallet. They are thus more vulnerable to negligence, or even alleged complicity by the gatekeepers of user identity data. He advised investors to use a “Google voice” number, as:
“[Y]ou have to have something that does not have a retail store where a $10-an-hour employee can be bribed to give up your information and your digital life.”