Crypto Entrepreneur Sues T-Mobile Over SIM Swapping Attack Author: Jimmy Aki Last Updated: 23 July 2020 SIM swapping attacks appear to be growing in popularity, as another major telecoms provider is getting roped into a lawsuit over possible complicity. This week, Reggie Middleton, the chief executive of crypto firm Veritaseum, filed a complaint with the United States District Court for the Eastern District of New York against T-Mobile, accusing the firm of enabling a SIM swapping attack against him. T-Mobile’s Insufficient Security Protocols SIM swap attacks aren’t a new phenomenon. They involve people who manage to use social engineering to tick telecoms companies into believing that they are their victim, thus obtaining confidential information — such as email passwords, wallet IDs, banking information, etc. Once they gain this information, they can access confidential files – and, in most cases, their victims’ money. In Middleton’s complaint, he explained that SIM swappers had initially targeted him in July 2017. He noticed the attempt and immediately notified T-Mobile, but the firm allegedly did little to protect him. As a result, Middleton claimed that he suffered four such attacks in 2017 and a series of more in 2018 and 2019. In his suit, he accused the company of having failed to protect his personal and financial information. “As a result of T-Mobile’s gross negligence in protecting plaintiffs’ information, its negligent hiring and supervision of T-Mobile employees who were responsible for safeguarding that information… Plaintiffs lost $8.7 million in cryptocurrency.” The suit also pointed out that the repeated identity theft instances had caused Middleton severe fear, anxiety, and emotional stress. The Crypto Space’s History with SIM Swapping SIM swapping attacks have been especially rampant in the crypt case. One crucial pattern, however, is that telecoms providers always get the blame for the attacks. One of the most high-profile SIM swapping cases so far involves Michael Terpin, a serial crypto investor against AT&T. Terpin filed a lawsuit against AT&T in August 2018, accusing the company’s employees of being complicit in two separate SIM swapping attacks between seven months. Like Middleton, Terpin claimed that he had complained to AT&T. He added that the company knew that some of its employees were conspiring with hackers against him. Still, the firm did nothing to improve its security infrastructure. The suit claimed that Terpin had lost $23.8 million in cryptocurrencies. However, he sought his money in restitution and a further $200 million in punitive damages. Up until this year, both parties had traded filings supporting their claims. However, AT&T moved to dismiss Terpin’s claims permanently this year. A District Court judge in California already dismissed 13 of Terpin’s 16 claims in February. However, the telecoms company is resolute in its stand that it did nothing wrong. As for the threat of SIM swapping attacks, the government is also stepping in to take action. In January, six Democrats from the U.S. House of Representatives and the Senate wrote to Ajit Pai, the Chairman of the Federal Communications Commission (FCC), asking that the body impose stricter standards on mobile carriers to help them mitigate SIM swapping attacks. The lawmakers pointed out that SIM swapping complaints had grown from 215 in 2016 to 728 in 2019. They additionally proposed several questions to the agency, hoping to assess and recommend means to improve reporting and security enforcement protocols.