Cryptocurrency Entrepreneur and Investor Michael Terpin Sues AT&T for Permitting $23.8 Million Theft in “SIM Swap” Scam by Authorized Agent
Terpin Also Seeks $200 Million in Punitive Damages as AT&T Alleged to Tolerate Insider Criminal Activity in Recent Arrests of SIM Swap Criminal Gangs
CommPRO Editorial Staff
Michael Terpin, serial entrepreneur and pioneering cryptocurrency investor, today filed a $223.8 million lawsuit against AT&T on 16 counts of fraud, gross negligence, invasion of privacy, unauthorized disclosure of confidential customer records, violation of a consent decree, failure to supervise its employees and investigate their criminal background, and related charges in US District Court in Los Angeles.
The suit arises from the January 7, 2018, theft of more than 3 million cryptocurrency tokens from Terpin by way of by a digital identity theft by an AT&T agent of Terpin's cellphone account and transfer to an international criminal gang being pursued by the FBI and multiple other federal and state law enforcement agencies. AT&T's gross negligence is compounded by the fact it promised Terpin unbreachable security on its end through a unique, purportedly unchangeable password following a smaller SIM swap theft in June, 2017.
"AT&T's studied indifference to protecting its customers' privacy and financial assets is a metastasizing cancer, threatening hundreds of millions of unsuspecting AT&T's customers," said Pierce O'Donnell, senior partner at leading litigation firm Greenberg Glusker in Century City, Los Angeles, which is lead counsel for Terpin in this complaint. "Our client had no idea when he initially signed up, nor when later he was promised the highest level of security for his account, that low-level retail employees with access to AT&T records, or people posing as them, can be bribed by criminals to override every system that AT&T advertises as unassailable."
The complaint then goes on to detail the July 2018 arrests of multiple SIM swap gang members, including Joel Ortiz, who was arrested on July 12 in Los Angeles on 28 counts and is suspected of stealing at least $5 million in cryptocurrency in similar hacks, including a $1.5 million SIM swap of an AT&T subscriber during New York Blockchain Week; and the July 18 arrest of Ricky Joseph Handschumacher in Florida for his role in a gang that stole at least $460,000 in bitcoin by hijacking SIM identities from AT&T customers, allegedly using information from one of its members in Michigan to effectively impersonate an AT&T customer service representative. Terpin alleges that this gang or one acting in similar fashion caused the SIM swap for the sole purpose of stealing cryptocurrency using an employee in an AT&T retail store in Connecticut on January 7, 2018.
Excerpts from the 69-page complaint:
Most troubling, AT&T does not improve its protections even though it knows from numerous incidents that some of its employees actively cooperate with hackers in SIM swap frauds by giving hackers direct access to customer information and by overriding AT&T's security procedures. In recent incidents, law enforcement has even confirmed that AT&T employees profited from working directly with cyber terrorists and thieves in SIM swap frauds.
AT&T's subscriber privacy protection system is thus a veritable modern-day Maginot Line: a lot of reassuring words that promote a false sense of security...
The porosity of AT&T's privacy program is dramatically evident in this case, which follows a pattern well known to AT&T. An experienced, high profile cryptocurrency investor, Plaintiff Michael Terpin was a longtime AT&T subscriber who entrusted his sensitive private information to AT&T and relied on AT&T's assurances and its compliance with applicable laws. Given all the carrier's hype about protecting customer security, Plaintiff believed that it would keep its promises about absolutely safeguarding him from a data breach that could lead to the theft of tens of millions of dollars of crypto currency.
Even after AT&T had placed vaunted additional protection on his account after an earlier incident, an imposter posing as Mr. Terpin was able to easily obtain Mr. Terpin's telephone number from an insider cooperating with the hacker without the AT&T store employee requiring him to present valid identification or to give Mr. Terpin's required password.
The purloined telephone number was accessed to hack Mr. Terpin's accounts, resulting in the loss of over $24 million of cryptocurrency coins.
It was AT&T's act of providing hackers with access to Mr. Terpin's telephone number without adhering to its security procedures that allowed the cryptocurrency theft to occur. What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner.
AT&T is doing nothing to protect its almost 140 million customers from SIM card fraud. AT&T is therefore directly culpable for these attacks because it is well aware that its customers are subject to SIM swap fraud and that its security measures are ineffective. AT&T does nothing to protect its customers from such fraud because it has become too big to care.
"Mainstream adoption of cryptocurrency cannot take place as long as phone company employees are handing over critical unauthorized access to the heart of everyone's digital lives," said Terpin. "AT&T has a well-established track record of violating user privacy and security, endangering billions of dollars in digital assets, and must be called to account."
About Michael Terpin:
Michael Terpin is one of the highest profile thought leaders, entrepreneurs and investors in the blockchain sector. He co-founded the first angel group for bitcoin investors, BitAngels, in early 2013, and the first-ever digital currency fund, the BitAngels/Dapps Fund, in March 2014, and is currently a senior advisor to Alphabit Fund, one of the world's largest digital currency hedge funds. Terpin's work with more than 100 token crowdsales, including Augur, Ethereum, MaidSafe, Neo and Qtum, led to CNBC calling Terpin "the godfather of crypto." He is founder and CEO of Transform Group, the leading PR and advisory company for the public blockchain industry, and he organizes the long-running CoinAgenda global investor conference series and monthly TokenMatch investor events.
Prior to his involvement in the blockchain, Terpin founded and sold Marketwire, the first Internet-based press release distribution company, now owned by the West Corp. division of Apollo Global Management APO, -0.39% and his first PR firm, The Terpin Group, now part of FTI Consulting FCN, +0.77% He is on the board of Syracuse University's prestigious Newhouse School of Communications, and he is a popular speaker on global blockchain circuit.
For a copy of the complaint and corresponding exhibits, please visit the following links:
Complaint: https://www.greenbergglusker.com/content/uploads/2018/08/Complaint-as-Filed-3063362-1.pdf
Exhibits: https://www.greenbergglusker.com/content/uploads/2018/08/Exhibits-A-D-Filed-3063361-1.pdf