US OPERATOR AT&T has been slapped with a $224m lawsuit by a customer who claims the company's "negligence" led to the theft of almost $24m (£18.9m) in cryptocurrency.
According to Terpin, hackers were twice able to convince AT&T to connect his number to a SIM card they controlled, enabling them to divert his calls and messages to them and to defeat two-factor authentication protections on his accounts.
Terpin alleges that, by bypassing 2FA, the as-yet-unknown hackers were able to take over his Skype account, where they convinced a client to divert a payment to themselves.
The second hack, which came after AT&T agreed to put an additional passcode on his account, saw a fraudster visit an AT&T store in Connecticut and manage to hijack Terpin's account without providing the code or a "scannable ID" as AT&T requires, the complaint alleges.
Terpin believes the imposter was able to get his to get his phone number from an "insider cooperating with the hacker"
"What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewellery in the safe from the rightful owner,' the complaint says.
"AT&T is doing nothing to protect its almost 140 million customers from SIM card fraud. AT&T is therefore directly culpable for these attacks because it is well aware that its customers are subject to SIM swap fraud and that its security measures are ineffective.
"AT&T does virtually nothing to protect its customers from such fraud because it has become too big to care."
In a statement, AT&T said: "We dispute these allegations and look forward to presenting our case in court."
Privacy of the ballot box
See how you don't get to like them Apples
Who do Yahoo think you are
Out to Glassture