How One Poor Hire & Poor Cyber-security Can Cost Your Company Millions

A current lawsuit illustrates the old truism that a corporation can flourish or perish as a result of one hire.

Sixteen counts of fraud, gross negligence, invasion of privacy, unauthorized disclosure of confidential client records, breach of a consent decree, failure to supervise its workers and investigate their criminal backgrounds, and related charges are the subject of a complaint filed with the U.S. District Court in Los Angeles by cryptocurrency investor and entrepreneur Michael Terpin.

The target of this suit is AT&T, branded "too big to care" in the 69-page legal screed, which seeks $200 million in punitive damages and $24 million in compensatory damages. The claim: Terpin was the victim of a SIM swap fraud that happened because of AT&T's negligence.

Whilst even the most secure cryptocurrency storage methods aren't failsafe, the lawsuit shines a light on the risks of storing uninsured assets in an online environment.

"AT&T's studied indifference to protecting its clients' privacy and financial assets is a metastasizing cancer, threatening tens of thousands of millions of prospective AT&T customers," explained Pierce O'Donnell, lead counsel for Terpin in the complaint. "Our customer had no idea when he originally signed, nor once he was promised the highest level of security for his accounts, that nonexistent retail employee using AT&T records, or people posing as these, can be bribed by offenders to reevaluate every system that AT&T advertises as unassailable."

According to a press release distributed through a paid wire service, Terpin's lawsuit seeks a remedy for the January 7, 2018, theft of more than a million cryptocurrency tokens. The lawsuit alleges that the currency was stolen with the help of an AT&T employee. The mode of attack, SIM swapping, a type of identity theft on the rise, was recently used in a highly publicized Reddit attack. SIM swapping involves re-routing communications from a victim's cell phone to another person's device and then using that access to authenticate the re-assignment of accounts to the thief.

In this situation, the phone account was supposedly transferred to an international criminal group that has been tracked by the FBI and other state and federal law enforcement agencies. $24 million in cryptocurrency was stolen as a consequence of the alleged compromise.

The complaint states that "AT&T's gross negligence is compounded by the fact it guaranteed Terpin unreachable [sic] safety on its end through a unique, allegedly unchangeable password after a lesser SIM swap thieving in June 2017."

Promising Perfection Is Reckless

One of the first rules of cybersecurity is that no one is secure. Breaches and compromises are the third certainty in life, right behind death and taxes. The reasons for that are many, but people are often the cause. No one's perfect, and the same holds for systems. No matter how secure we think something is, there is someone who can break in.

If AT&T guaranteed the security of the account in question as the complaint alleges, Terpin's case might well be a landmark in the making. It has long been the case that cyber-security and identity theft protection companies cannot flat-out guarantee protection. No one else ought to be in a position to either.

Perhaps more disturbing is what the case reveals about the meager protections for this massive amount of money. While the lawsuit may succeed, the question of how it was possible for thieves to make off with $24 million worth of cryptocurrency remains. There are myriad ways to protect such assets, but two-factor authentication (susceptible to SIM swapping) is not the most secure.

A Class Of One?

In a perfect world, a scenario like this would not be possible. AT&T would not guarantee its security, the level of awareness of possible crimes would be higher, and the cyber-hygiene around the storage of Terpin's cryptocurrency would have been better.

We do not live in a perfect world. The DIY justice here is reminiscent of serial entrepreneur Peter Thiel's legal war against Gawker. The PayPal billionaire was famously maligned by the site, which was subsequently shuttered by the Hulk Hogan sex tape lawsuit he backed. Terpin's lawsuit is a classic version of American justice in which the wealthy can make a bid to get the benefit of the law without needing to resort to a class action suit.

What's at stake is cybersecurity. The reason a private citizen must mount an attack: there's no sheriff in the Wild West that is the online environment in the USA. While there are some protections, they are scattershot. While this remains the case, individuals will need to fend for themselves, and the wealthier among us stand a better chance of doing so.