T-Mobile is facing yet another SIM swapping complaint involving cryptocurrency theft. Last week, a Philadelphia man named Richard Harris filed a complaint in the Eastern District of Pennsylvania against the wireless giant alleging he lost approximately $55,000 worth of Bitcoin due to the company’s failure to safeguard his account (via). The theft took place on or around July 5, 2020.
SIM-swap fraud exploits a carrier’s ability to port (or transfer) a phone number as well as the associated data from one device to another device containing a different SIM. This ability comes in handy when a subscriber loses or damages their phone. They can seamlessly port the number to another SIM and continue using the same wireless services as before.
Of course, porting a number requires individuals to prove their identity. However, identity theft is as much prevalent as well. Once fraudsters have obtained all the details and proofs required to prove an individual’s identity, they use that information to convince the carrier (perhaps its employees) to port the number to their device. They will then receive all the SMS and voice calls intended for the victim, as well as have access to other personal information.
In this case, the crook(s) allegedly visited a T-Mobile store in or around Miami, Florida, where they could easily convince the company agents to provide them access to the plaintiff’s account and SIM data. Once they gained access, they emptied Mr. Harris’ Coinbase account, which contained Bitcoin with a current estimated value of over $55,000.
According to the complaint, this SIM-swap fraud was likely perpetrated by a T-Mobile employee or at least “effectuated and facilitated by T-Mobile and its employees”. That seems even more probable when you take into account that the unknown party was able to bypass the two-factor authentication (2FA) security measures.
This isn’t the first SIM swapping complaint against T-Mobile
T-Mobile has been sued over failure to stop SIM swapping frauds in the past as well. Early last month, a Pennsylvania woman alleged that she lost $20,000 in cryptocurrency due to the company’s negligence in verifying her identity. Before that, a Californian man in February had alleged losing over $450,000 in cryptocurrency investments to a similar fraud. There have been many more cases earlier.
Quite clearly, T-Mobile needs to be more vigilant while verifying an individual’s identity if they request a SIM port. Perhaps this applies to all wireless carriers. Hopefully, they’ll implement some additional measures to mitigate this issue.
Mr. Harriss is suing T-Mobile on several counts. These include violations of the FCA; negligence; negligent hiring, retention, and supervision; gross negligence; violation of the Stored Communications Act; violation of the Wiretapping and Electronic Surveillance Control Act; and violation of the Unfair Trade Practices and Consumer Protection Law.
The plaintiff is seeking actual damages as well as statutory, treble, and punitive damages. Mr. Harriss is also seeking replacement of his property, attorney’s fees and costs, prejudgment interest, and other relief.