Entrepreneur and cryptocurrency investor Michael Terpin sued AT&T on Wednesday, claiming that it should be held liable for fraudsters who hijacked his phone number and stole about $24 million worth of cryptocurrency.

The suit, filed in U.S. District Court for the Central District of California by a team at Greenberg Glusker Fields Claman & Machtinger led by Pierce O'Donnell, seeks to recover Terpin's losses as well as $200 million in punitive damages. He claims that AT&T knew that employees at its retail stores could override security measures meant to protect high-profile customers or those who were likely targets of fraud.

“AT&T does virtually nothing to protect its customers from such fraud because it has become too big to care,” wrote the Greenberg Glusker lawyers. “The prevalence of SIM swap fraud and AT&T's knowledge of such fraud, including the active participation of its own employees in the fraud, demonstrate that the January 7, 2018 SIM swap fraud on Mr. Terpin that led to the theft of nearly $24 million in cryptocurrency was neither an isolated nor an unforeseeable event,” they wrote.

A spokesman for AT&T told Reuters Wednesday the company disputed the allegations and looks forward to presenting its case in court.

SIM swap fraud, also called SIM swapping, SIM hijacking, or “port out scam,” involves fraudsters who have access to a target's phone number convincing a telecom employee to load a SIM card with the number. The tactic allows the fraudsters to gain access to a target's accounts via their own device, even in some cases where those accounts are protected by two-factor authentication.

Terpin alleges that he was initially targeted using the tactic in June of last year when his phone suddenly became inoperable. He claims he quickly alerted AT&T and the cloned SIM card was shutdown. Terpin also noted that when he met with AT&T representatives two days later, they added a requirement for a 6-digit passcode to be presented on his account to make any future changes, something available for “high risk” or “celebrity” accounts.

But according to the lawsuit, an AT&T employee sidestepped the passcode requirement in January of this year and assisted fraudsters who then made off with about $24 million in cryptocurrency.

“In reality, the vaunted extra protection was, like the Maginot Line, a useless defense that was easily evaded by AT&T's own employees, who it knew or should have known actively cooperated with hackers in SIM swap fraud,” Terpin's lawyers wrote. “Despite AT&T's knowledge of the futility of these actions, AT&T falsely informed Mr. Terpin, to his detriment, that he should implement such additional security measures.”

On Wednesday, Terpin took to Twitter to announce the lawsuit:

Read the complaint here:

|