T-Mobile was fined $33 million in a SIM swapping lawsuit


T-Mobile has paid $33 million in fines after a customer lost millions in cryptocurrency in a SIM swapping attack. The Los Angeles-based law firm Greenberg Glusker has announced that it has secured a massive arbitration award against T-Mobile over the telco’s mishaps related to the SIM swap hack.

A T-Mobile customer lost his crypto fortune due to a major security failure

The fine against T-Mobile stems from a February 2020 SIM swapping attack that targeted the tech entrepreneur Joseph “Josh” Jones. Greenberg Glusker suggests that the attackers stole more than 1,500 Bitcoin (BTC) and nearly 60,000 Bitcoin Cash (BCH), valued at $38 million at the time.

Numerous security failures at T-Mobile led to the SIM swap incident, which sparked a massive legal battle. The law firm notes that the parties have kept the ruling in the case under wraps since the fall of 2023, as T-Mobile didn’t want details of the security flaws to come out. However, a recent petition to confirm the award brought those details into public view.

Infiltration of the carrier’s systems allowed threat actors to conduct the attack

According to the source, the threat actors managed to hijack Jones’ T-Mobile account even though it had enhanced PIN protection. An employee of the carrier facilitated the attack by agreeing to move Jones’ mobile number to a SIM card controlled by the threat actor. The PIN protection on the account should have been enough to prevent the hacker from making changes, which led Jones to suspect that the threat actor used a backdoor in the carrier’s systems.

“SIM swapping has been an unchecked security flaw for years. Carriers like T-Mobile have known about it and failed to take basic precautions. This award makes it clear: they must do better,” said Paul Blechner of Greenberg Glusker.

Investigations into the incident revealed that a 17-year-old conducted the SIM swapping attack. He reportedly had links with other cybercriminals, who targeted over 100 Twitter accounts in 2020, including those belonging to Joe Biden, Elon Musk, Bill Gates, and Jeff Bezos.

T-Mobile has been involved in SIM swapping attacks before. In 2022, a US man received a sentence for stealing $20 million in crypto via a SIM swap attack. A year later, a SIM swapping attack involving T-Mobile targeted advisory firm Kroll. The attack exposed data from many bankrupt crypto firms, including Genesis, FTX, and BlockFi.



