AT&T loses appeal on major SIM swap litigation and must return to District Court


Plaintiff alleges that an AT&T insider helped a criminal enterprise obtain his SIM card leading to a $24 million theft

Terpin, a cryptocurrency investor at that time, had set up his accounts to make them as secure as possible, even consulting with a security expert to help him with this task. The victim’s theory is that criminals were going through the LinkedIn app to find people working at wireless providers that could be paid off to help the criminal obtain a SIM card for the victim’s phone. When this card is inserted into a burner device owned by the criminal, he has complete control over the victim’s handset, apps, and other accounts.

Terpin said, “The one thing that’s been a link between [crypto hacks] is that in every case they’ve had an insider.”  He states that the FBI, Homeland Security, and the U.S. Secret Service know the identity of the rogue AT&T employee who was involved in the hack of his phone which resulted in the theft of $24 million worth of cryptocurrency from his account.
The victim took AT&T to court seeking $224 million (which included $200 million of puniutive damages) claiming that the SIM swap and subsequent theft was AT&T‘s fault. In April 2023 (the U.S. justice system moves at a glacial pace) Judge Otis Wright II granted AT&T’s motion for summary judgment giving the wireless provider the legal victory. The same judge had previously thrown out the $200 million damages claim stating that AT&T‘s privacy policies didn’t guarantee that customers would be protected from a third-party hacking.

Terpin’s big victory in the Ninth Circuit Court of Appeals came about when the judges ruled that customer proprietary network information (CPNI), which is protected under the Federal Communications Act, may have been violated. The court’s decision stated that agreeing with AT&T‘s “constrained view of CPNI” would lead to “absurd results.”

Mr. Terpin’s lead attorney, Pierce O’Donnell, senior partner at Greenberg Glusker, said, “This is a major precedential decision of national significance. Rejecting all of AT&T‘s arguments, the Court of Appeal held that AT&T can be liable in damages under the Federal Communications Act when it allows a hacker to get into its system, access the customer’s AT&T account, and steal the customer’s private information or assets–in this case $24 million of cryptocurrency.”

Terpin will seek at least $45 million from AT&T which includes interest and attorney’s fees

O’Donnell continued by adding, “The decision paves the way for our client to go to trial and hold AT&T accountable after more than six years of litigation. We look forward to asking a Los Angeles federal jury to award Mr. Terpin $24 million plus at least $14 million of interest plus his attorney’s fees for a total of at least $45 million.”

After the decision by the Appeals Court to remand the case back to U.S. District Court in Los Angeles, Terpin said that the decision goes beyond his particular case. “This is not just a victory for me, but for thousands of innocent consumers who had their identity compromised, their safety and privacy breached, and in many cases their funds stolen due to lax and indifferent security practices by AT&T,” he stated. “Letting this summary judgment stand would have been a horrific precedent. I am grateful to the Ninth Circuit Court of Appeals for their comprehensive analysis and just decision.”

Gizmodo published an article in May, 2020 that named Ellis Pinsky, a teenager at the time of the theft, as the ringleader behind the crime. Pinsky allegedly ran a 20-man crew that used SIM swaps and other illegal methods to steal over $100 million in cryptocurrency.



Source link