The Desk appreciates the support of readers who purchase products or services through links on our website. Learn more...

California man sues T-Mobile after losing digital cash

Photo of author
By:
Matthew Keys
»

mkeys@thedesk.net

Share:
A mobile phone running on the T-Mobile wireless network. (Photo: The Desk)

A California man has filed a federal lawsuit against wireless phone company T-Mobile after he alleged a recent fraudulent scheme caused him to lose $450,000 in digital cash.

In a complaint filed in federal court on Monday, Calvin Cheng said he lost the cryptocurrency after becoming a victim of “SIM swapping,” a technique used by cyber criminals to steal the phone number of an individual in an attempt to gain access to their online accounts.

In this case, Cheng alleges an unknown fraudster targeted the co-founder of an investment firm called Iterative Capital. The co-founder, Brandon Buchanan, became the victim of a “SIM swapping” scheme in which a fraudster tricked T-Mobile into transferring Buchanan’s phone number from a SIM card inserted into his phone to a different SIM card controlled by the alleged criminal. (Despite being the target of the alleged criminal act, Buchanan did not appear to be a plaintiff in Cheng’s case.)

That allowed the suspect to gain access to some digital accounts associated with Buchanan where a phone number is required for authentication. After gaining access to the accounts, the hacker contacted Cheng via Telegram and convinced him to transfer more than a dozen digital tokens known as Bitcoin for a premium price.

Cheng transferred the Bitcoin, believing he would be paid by Buchanan and Iterative Capital. But the payment never came through. As a result of the scheme, Cheng says he permanently lost his Bitcoin valued at over $450,000. A criminal investigation into what happened remains ongoing.

Cheng is suing under a little-known provision of the Computer Fraud and Abuse Act (CFAA), a federal anti-hacking statute that is typically used by prosecutors to go after cyber criminals accused of minor hacking offenses. The CFAA also allows victims of alleged cyber offenses to target individuals and companies through civil litigation in an effort to recoup financial losses.

Here, Cheng alleges T-Mobile’s inability to safeguard Buchanan’s personal information makes them liable under the CFAA, and he’s seeking monetary compensation for the loss of his cryptocurrency.

“Unlike a direct hack of data where a company like T-Mobile plays a more passive role, SIM-swaps are ultimately actualized by the wireless carrier itself,” the complaint said. “It is T-Mobile, in this case, that effectuates the SIM card change. This action remains operative and in force when the victim’s phone activity is used to hack other online accounts, extort the victim, or cause other foreseeable injuries, such as the one suffered by Plaintiff here.”

Cheng used comments by a Federal Trade Commissioner official to bolster his claim that T-Mobile is responsible for his alleged loss. In 2016, the official — who was herself a victim of a SIM swapping incident — said phone companies like T-Mobile “are in a better position than their customers to prevent identity theft through mobile account hijacking and fraudulent new accounts.”

That, in part, is because phone companies themselves must initiate the transfer of a phone number between SIM cards.

Despite this warning nearly five years ago, Cheng said T-Mobile was derelict in their duty to protect Buchanan’s account information and that of other customers. He points to a study conducted by researchers last year that found that phone companies were woefully unprepared to deal with the issue of SIM swapping schemes. T-Mobile was specifically mentioned in that study.

T-Mobile has also faced criticism in the past for several large-scale breaches of customer data, including one revealed early last month in which some customer phone numbers were compromised.

“T-Mobile failed to implement and/or maintain security policies and procedures sufficient to protect the unauthorized access to Buchanan’s [customer data],” Cheng alleged, adding that T-Mobile’s employees were not properly trained to safeguard the data even though they should have known that SIM swapping schemes were a real problem within the industry.

Cheng is asking for a jury trial and for a judge to award him compensatory and punitive damages if the phone company is ultimately found liable for his loss.

Never miss a story

Get free breaking news alerts and twice-weekly digests delivered to your inbox.

We do not share your e-mail address with third parties; you can unsubscribe at any time.

T-Mobile
Photo of author

About the Author:

Matthew Keys

Matthew Keys is the award-winning founder and editor of TheDesk.net, an authoritative voice on broadcast and streaming TV, media and tech. With over ten years of experience, he's a recognized expert in broadcast, streaming, and digital media, with work featured in publications such as StreamTV Insider and Digital Content Next, and past roles at Thomson Reuters and Disney-ABC Television Group.
TheDesk.net is free to read — please help keep it that way.

We rely on advertising revenue to support our original journalism and analysis.
Please disable your ad-blocking technology to continue enjoying our content.

Learn how to disable your ad blocker on: Chrome | Firefox | Safari | Microsoft Edge | Opera | AdBlock plugin

Alternatively, add us as a preferred source on Google to unlock access to this website.

If you think this is an error, please contact us.