
October 2, 2024

SIM-Swap Attack Victim Allowed to Sue AT&T under Federal Communications Act, Ninth Circuit Court of Appeals Rules


On September 30, 2024, the Ninth Circuit Court of Appeals—which covers California, Oregon, Washington, Idaho, Montana, Nevada, Arizona, Alaska, and Hawaii—ruled that a victim of a SIM-swap attack could sue AT&T under the Federal Communications Act (FCA) for allegedly enabling the attack through its lax security policies. The FCA protects certain customer information from disclosure, including information relating to the configuration, usage patterns, and location of the cell phone. The FCA requires that cellular providers “take reasonable measures to discover and protect against attempts to gain unauthorized access” to this information, and enables customers to sue if a cellular carrier fails to do so. Successful customers can recover damages, as well as the cost of their attorney. 

In the Ninth Circuit case, Terpin v. AT&T Mobility, LLC, No. 23-55375, the plaintiff experienced two consecutive SIM-swap attacks, resulting in the theft of millions of dollars of cryptocurrency. SIM-swap attacks target a cell phone’s SIM card, which is effectively the phone’s “ID badge” for the cellular network. The SIM card tells the network which account and phone number are associated with a particular phone. As such, if you swap a SIM card from one phone to another, the two phones will also swap phone numbers, and text messages that used to go to the first phone will now go to the second one.

In a SIM-swap attack, scammers will convince a customer service agent at the cellular company to swap a victim’s information from one SIM card to another. The scammers will then place that SIM card in their own phone and use the resulting control over the victim’s phone number and text messages to reset the passwords on, and thus access, the victim’s accounts. In Terpin, the Court explained that the kind of information stored on a SIM card is exactly the type of information protected from disclosure under the FCA. The Court went on to explain that, in addition to the information stored directly on the SIM card, the information that the scammers had access to while in control of the phone number was also protected under the FCA. As such, the Court allowed the claim to go forward.

SIM-swap attacks and other data breaches are a widespread danger, and the ways in which people can protect themselves from these breaches—or hold accountable the individuals and companies responsible for such breaches when they occur—are constantly shifting.

 

If you have been the victim of a SIM-swap attack or other data breach, do not hesitate to contact us at McGillivary Steele Elkin to speak with one of our experienced attorneys.
