Lawsuit Filed Against T-Mobile Over SIM Swapping Incident

An aggrieved Californian has filed suit against T-Mobile USA, Inc. for the wireless carrier’s alleged failure to safeguard his personal and financial information. The complaint, filed Monday in the Southern District of New York, claims that the plaintiff, Calvin Cheng, was a derivative victim of SIM swapping, a type of fraud whereby a perpetrator tricks a target’s mobile carrier into transferring their wireless service to a device under the perpetrator’s control.

The filing further explains that unlike other types of cyberattacks, SIM swapping is actualized by the carrier itself. Once a fraudster takes control of a victim’s SIM card data, they may “seamlessly impersonate the legitimate wireless customer,” the plaintiff asserts. The complaint also notes that individuals known to hold large quantities of cryptocurrency are often the targets of SIM swapping, as was the victim involved in the instant controversy.

Here, the plaintiff claimed that he lost in excess of $450,000 in cryptocurrency investments due to an account takeover scheme, which would not have occurred, “but for T-Mobile’s negligent practices and its repeated failure to adhere to federal and state law.” Specifically, the plaintiff was induced to sell bitcoin, for a premium, to hackers impersonating a principal of an investment fund the plaintiff knew of and trusted. The hackers SIM swapped the principal’s T-Mobile number in order to take over his accounts and sent the plaintiff a message proposing the supposedly legitimate transaction.

Allegedly, after corroborating the principal’s identity, the plaintiff then transferred the bitcoin to a digital wallet he thought the principal controlled, expecting U.S. dollars in return. However, the plaintiff received nothing. Subsequently, the communication and transaction records were deleted.

Cheng argued that T-Mobile breached its duty to protect the security and privacy of its customers’ personal and financial information causing him to suffer hundreds of thousands of dollars in damage. The filing brings six causes of action under the Federal Communications Act, the Computer Fraud and Abuse Act, a New York consumer protection statute, and tort law. The plaintiff, represented by Wilson & Chan LLP, seeks compensatory, statutory, and punitive damages.

Relatedly, Congress recently asked the Federal Communications Commission (FCC) to require more from mobile providers in the face of increasing SIM swapping scams. As previously reported, the lawmakers beseeched the FCC to make wireless providers “protect consumers from fraud and the theft of their most sensitive personal data.”