Back in 2017, Michael Terpin, a cryptocurrency investor and founder of BitAngels, was a victim of fraud. At the time, Mr. Terpin’s phone was hacked through SIM-swapping. This scam involves the theft of a mobile phone number to hijack financial and social media accounts, therefore gaining access to sensitive data and stealing money in the process.
Criminals were then able to contact some of Mr. Terpin’s investors by impersonating him and convincing people to send cryptocurrency. After this first incident, Mr. Terpin’s account was placed in a higher security level to avoid another event of this sort. Unfortunately, said mechanism failed in 2018 when Mr. Terpin’s phone was hacked for a second time, which allegedly was possible thanks to the aid of an AT&T employee. This second scam resulted in the loss of almost $24 million in digital assets after hackers used Terpin’s 2-Factor Authentication passwords to bypass the security of multiple accounts. Now Terpin is suing AT&T for allegedly failing to prevent this attack from happening.
AT&T, one of the biggest telecommunication companies in the United States, claims that it is not responsible for the $200 million punitive damages that Mr. Terpin seeks. The company disputes Mr. Terpin’s complaint, claiming a lack of responsibility from their part and arguing no adequate demonstration from Mr. Terpin’s legal team to prove that the telecom giant is guilty of deceit by concealment or deceit by misrepresentation.
Mr. Terpin ignores the undisputed fact that AT&T disclosed to him that it could not guarantee that third parties would not take unauthorized actions that would disclose his personal information… Mr. Terpin’s deceit and misrepresentation claims seek to punish AT&T not for concealing or misrepresenting material facts, but simply for failing to provide further specifics on how Mr. Terpin’s information could be stolen.
On February 24, 2018, Judge Otis Wright II had already attributed the hack to AT&T for providing inadequate security measures to protect Mr. Terpin’s SIM card, adding that the company is morally culpable for failing to prevent the SIM swapping despite being aware of the vulnerability of the customer in question. During this hearing, the judge rejected AT&T’s motion to dismiss the claims and ruled that Mr. Terpin could proceed wit his lawsuit against AT&T.