Consuelo Marshall, a US District Judge, has officially rejected the bid made by AT&T to dismiss a lawsuit. This lawsuit claims that the company had been negligent due to its failure to prevent the theft of approximately $1.8 million in cryptocurrencies. This amount of crypto was stolen from Seth Shapiro, an investor.
Shapiro Allowed To Continue Case
Through the Judge’s order that allowed the suit to continue, the claims Shapiro had made would be altogether left intact. These include claims brought under the Computer Fraud and Abuse Act, claims of negligence, negligent supervision, as well as a request for punitive damages.
Shapiro stands as a media tech consultant, one that has won an Emmy Award. He had previously operated for big names like Showtime, as well as Disney, and had filed the suit back in December of 2019 against AT&T. This suit alleged that the firm’s failures in security allowed for the thefts to occur across multiple attacks.
SIM-Swap Attack Costs Shapiro Dearly
The attack came first by way of a SIM-swap attack. These attacks need the participation of an employee from a telecom company in order to work to its fullest. This telecom employee, either unwittingly, or deliberately, must reassign the victim’s account to a SIM that is controlled by a malicious actor. From there, this actor will be capable of gaining access to accounts or information that the target owned.
It should be noted that there are several ways to impersonate someone to do this without having an employee in on the scheme. Although, it’s a lot easier just to get an inside man.
The Court order explained that Shapiro had suffered the first SIM-swap attack during May of 2018. After the attack, an employee of AT&T took note of the activity of Shapiro’s SIM swap and gave assurances that it would not be swapped again without his express authorization.
Amended Complaint Due To Be Filed
The complaint Shapiro had failed explained that AT&T had been unable to implement the proper data security procedure and systems afterwards. Furthermore, the complaint stated that it had failed to supervise its personnel, only standing by as its employees leveraged their position within the company. Through this position, the complaint states, the employees were capable of gaining unauthorized access to the accounts of Shapiro, using it to rob, extort, and otherwise threaten him in exchange for money.
With the bid of dismissal denied, Shapiro will have until the 29th of May, 2020, in order to file another, amended complaint. This would be in order to respond to the Court order.
