A California judge overseeing litigation accusing AT&T of negligence, fraud, and other violations dismissed a $200 million damages claim against the telecommunications giant. The court narrowed allegations filed by Michael Terpin, but it allowed him to sue AT&T for the $24 million he lost after a company agent was allegedly bribed by a criminal gang.
Earlier last year, AT&T found itself on the end of a lawsuit after a customer accused it of allowing hackers to swap his SIM card, in what appears to be an elaborate scheme by fraudsters.
Michael Terpin, a serial cryptocurrency entrepreneur and technology Startup extraordinaire, claimed that AT&T’s lack of security allowed hackers to enter his wireless account and steal crypto coins worth roughly $24 million.
However, the phone and internet service provider claimed that it is not responsible for a series of recent SIM-swapping complaints. But the Judge engaged in the lawsuit denied AT&T’s request to dismiss the case or disregard its legal Obligations , saying the company “can be held to answer a lawsuit by Michael Terpin for enabling the theft of $24 million of his cryptocurrency by giving his SIM card to hackers.”
AT&T allegedly placed Mr.Terpin’s account on a higher security level with special protection. This included requiring a six-digit passcode (known only to Terpin and his wife) of anyone attempting to access or change his account settings or transfer his telephone number to another phone.
The Carrier Was 'Overly Optimistic' in Making Its Promise
The suit goes on to attribute the incident to “AT&T’s willing cooperation with the hacker, gross negligence, violation of its statutory duties, and failure to adhere to its commitments in its Privacy Policy.”
However, the court recognized that AT&T disclosed the limits of its security protections and that its privacy policy explicitly states it cannot guarantee that customers’ personal info will never be disclosed “as the result of unauthorized acts by third parties.”
“Even if AT&T knew that the six-digit code could not prevent every potential security breach; the Court cannot infer from Mr. Terpin’s allegations that AT&T intended for the code to provide no increase to security when it promised additional protection. A defendant may be 'overly optimistic' in making its promise, but “an erroneous belief, no matter how misguided, does not justify a finding of fraud,” the judge further explained.
The lawsuit described the case as an example of classic identity theft, in which hackers gained access to sensitive financial information by stealing personal data. It is unclear exactly how the thieves replaced Terpin’s mobile SIM, but the lawsuit suggests they impersonated him to AT&T’s customer service agents and requested that the phone number be transferred to their own device.
Once the thieves had access to his phone number, they were able to request a password change and reset the security on many of his accounts, effectively locking him out. The hackers also changed the password on his cryptocurrency account and initiated the transfer of digital assets to their own wallets.