A California judge overseeing litigation accusing AT&T of negligence, fraud, and other violations dismissed a $200 million damages claim against the telecommunications giant. The court narrowed allegations filed by Michael Terpin, but allowed him to sue AT&T for the $24 million he lost after a company agent was allegedly bribed by a criminal gang.
Earlier last year, AT&T found itself on the end of a lawsuit after a customer accused it of allowing to swap his SIM card, in what appears to be an elaborate scheme by fraudsters.
Michael Terpin, a serial cryptocurrency entrepreneur and technology startup extraordinaire, claimed that ’s lack of security allowed hackers to enter his wireless account and steal crypto coins worth roughly $24 million.
Phone and internet service provider, however, claimed that it is not responsible for a series of recent SIM-swapping complaints. But the Judge engaged in the lawsuit denied AT&T’s request to dismiss the case or disregard its legal obligations, saying the company “can be held to answer a lawsuit by Michael Terpin for enabling the theft of $24 million of his cryptocurrency by giving his SIM card to hackers.”
AT&T allegedly placed Mr.Terpin’s account on a higher security level with special protection. This included requiring a six-digit passcode (known only to Terpin and his wife) of anyone attempting to access or change his account settings or transfer his telephone number to another phone.
The carrier was “overly optimistic” in making its promise
“Even if AT&T knew that the six-digit code could not prevent every potential security breach; the Court cannot infer from Mr. Terpin’s allegations that AT&T intended for the code to provide no increase to security when it promised additional protection. A defendant may be “overly optimistic” in making its promise, but “an erroneous belief, no matter how misguided, does not justify a finding of fraud,” the judge further explained.
The lawsuit described the case as an example of classic identity theft, in which hackers gained access to sensitive financial information by stealing personal data. It is unclear exactly how the thieves replaced Terpin’s mobile SIM, but the lawsuit suggests they impersonated him to agents and requested that the phone number be transferred to their own device.
Once the thieves had access to his phone number, they were able to request a password change and reset the security on many of his accounts, effectively locking him out. The hackers also changed the password on his cryptocurrency account and initiated the transfer of digital assets to their own wallets.