AT&T faces another lawsuit, as a victim sues for a cell phone hack that stole his life savings, totaling $1 million.
Rob Ross says that back in October 2018, he was in his home office in San Francisco. Suddenly, a withdrawal notification appears on his iPhone. Immediately, his phone service goes out. Upon restoring it, he discovers that $1 million is stolen from his bank account. “I had $1 million stolen that night. It included my daughter’s college fund, my retirement,” Ross says.
Ross reached out to cybercrime task force React to get to the bottom of his financial theft. It turns out the perpetrator used a hacking method called SIM swapping to steal Ross’s life savings. React worked with investigators to connect Ross’s unfortunate incident with other SIM swapping cases. Ultimately, it led them to the home of 21-year-old Nicholas Truglia. Truglia is a social media star who posted all his new jewelry and possessions after stealing Ross’s money. Truglia was arrested and charged with computer crime with the intent to defraud.
SIM swapping and another AT&T cell phone hack
SIM swapping occurs when someone convinces a user’s carrier to swap out their current SIM card for one they own. The phone number of the owner’s account the hacker wants to access is also transferred to the hacker’s SIM card. Once complete, the hacker gains access to everything the owner controls on the phone: email, passwords, financial information, photos, and so on.
How do hackers pull off SIM swapping? It’s simple. They could have someone on the inside of a wireless carrier that works for them. That person could then pull off the scheme as legitimate personnel without leaving a trace. Hackers recruit mobile retail employees, who then pull off the hacking jobs within the carrier.
This isn’t the first lawsuit brought against AT&T by one of its customers. Transform Group Founder and CEO Michael Terpin filed a $224 million lawsuit against AT&T in August 2018 for a SIM swap attack that stole $23.8 million in 3 million cryptocurrency tokens. Terpin’s lawsuit against AT&T was for the second SIM swap attack he personally experienced. AT&T claimed it instituted more protective measures after Terpin’s first loss but the new measures didn’t prevent him from being victim to a second attack.
SIM swap lawsuits, carrier, and customer responsibility
Rob Ross’s lawsuit, as is the case with Michael Terpin’s, demonstrate that some customers believe it’s the wireless provider’s responsibility to not only provide wireless service but also protect customer data. If customers are allowing wireless providers access to their data, the reason goes, then providers should do everything to enact greater mobile security measures so that hacking attacks like SIM swaps are more difficult to perform.
Many wireless providers believe that they are just providers of wireless internet — and that’s all. Any responsibility for customer data lies with the customer, some say. And yet, if wireless providers are unable to protect customer data, how can providers expect customers to possess such technical knowledge?
AT&T’s carelessness with customer data
America’s second-ranked carrier could claim it’s innocent, but Ma Bell has also been guilty of selling customer location data to third parties for profit. With AT&T’s data carelessness comes the fact that the company recently hired Verizon to manage its customer portal — something that has to be against some type of professional rule in the carrier industry. Giving Verizon access to AT&T customer data seems ethically and morally wrong, on some level, even if legally acceptable.
When a carrier plays fast and loose with customer data, a lawsuit to hold it accountable is justified. Wireless providers may not like it, but they are their customers’ data keeper.