Twitter LinkedIn Share this page Facebook RSS

Blogs

Financial Services Law BlogLegal updates, news, and commentary from the attorneys of Baker Sterchi Cowden & Rice LLC

$224 million sought in lawsuit against AT&T over cryptocurrency theft

August 22, 2018 | Megan Stumph-Turner

A cyber thief was able to trick AT&T into providing Michael Terpin’s account information, enabling that thief to make off with nearly $24 million in cryptocurrency belonging to Terpin, according to a complaint filed in the U.S. District Court for the District of California in Los Angeles.

In the lawsuit, among other things, Terpin alleges that AT&T was negligent in failing to protect its customers’ private data, and that it willfully disregarded unlawful transactions between AT&T employees and cyber thieves. Terpin claims that his digital currency was lost due to a “SIM swap fraud,” where the customer’s phone number is transferred to a SIM card operated by a hacker, who then resets the customer’s passwords and logs into their accounts in order to obtain confidential data and access to assets. Terpin believes that an AT&T employee cooperated in the swap that caused him to lose digital coins that would have been valued at $23.8 million in January of 2018, during a time where the value of the bitcoin was soaring, as previously reported by the BSCR financial services law blog. Because he has been publicly involved in cryptocurrency enterprises, Terpin was a prime target for cyber thieves.

AT&T has responded to the complaint publicly, stating, “We dispute these allegations and look forward to presenting our case in court.” Terpin, though, alleges that the telecommunications juggernaut has simply become “too big to care,” prioritizing expansion and acquisition over investing in hiring qualified professionals, providing ongoing training, or investing in systems that would better protect customer data.

While it remains to be seen what the outcome of this litigation will be, this lawsuit serves as a cautionary tale to any large institution that possesses sensitive online account data of its customers. These institutions would be well advised to look into their hiring and training procedures, as well as to consider implementing secure storage systems, in order to curtail future liability. BSCR will continue to monitor this litigation and will provide updates as milestones occur in the case.

Subscribe
About Financial Services Law Blog

The BSCR Financial Services Law Blog explores current events, litigation trends, regulations, and hot topics in the financial services industry.  This blog will inform readers of issues affecting a wide range of financial services, including mortgage lending, auto finance, and credit card/retail transactions. Learn more about the editor, Megan Stumph,  and our Financial Services practice.

DISCLAIMER

The Financial Services Law Blog is made available by Baker Sterchi Cowden & Rice LLC for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. Your use of this blog site alone creates no attorney client relationship between you and the firm.

CONFIDENTIAL INFORMATION

Do not include confidential information in comments or other feedback or messages related to the Financial Services Law Blog, as these are neither confidential nor secure methods of communicating with attorneys. The Financial Services Law Blog should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.