T-Mobile paid $33 million to settle a “SIM swap” case in which a hacker stole a fortune in Bitcoin from one of the carrier’s customers in 2020.
T-Mobile reached the deal through private arbitration, according to law firm Greenberg Glusker. T-Mobile reportedly wanted to keep some details quiet, but the Los Angeles-based firm made the settlement public because consumers deserve the right to know “about the ease with which SIM swaps have been occurring,” it says.
The settlement involves a T-Mobile customer named Joseph “John” Jones, who lost 1,500 in Bitcoin and 60,000 in Bitcoin Cash to a hacker in February 2020. The culprit pulled this off by initiating a SIM swap, which involves manipulating a mobile carrier into transferring a customer’s cell phone number to their own device. Doing so can enable a hacker to intercept SMS-based two-factor authentication codes and password reset numbers, giving them a way to hijack access to online accounts, including cryptocurrency wallets.
According to arbitration documents from Greenberg Glusker, Jones had already placed his T-Mobile number under “heightened security,” requesting an eight-digit PIN code as an additional measure to unlock access. But a hacker was still able to pull off a SIM swap.
(Credit: Bin Kontan via Getty Images)
“Mr. Jones is informed and believes that this eight-digit pin code was never required of the hackers, who slipped through the blatant cracks in T-Mobile’s security with shocking ease,” his lawyers argued in April 2020. “To date, T-Mobile has never apologized to Mr. Jones, or even offered to compensate him for his losses. Instead, T-Mobile has displayed a studied, callous indifference to a customer whose grave financial injury was caused by its well-known porous security system.”
It’s unclear exactly how the hacker pulled off the SIM swap. But last year, T-Mobile decided to settle, paying Jones $26.6 million, plus another $6.5 million for attorneys fees.
Get Our Best Stories!
Like What You’re Reading?
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Greenberg Glusker claims “T-Mobile has moved to seal the arbitrator’s findings, blocking access to details of its security failures.” So the firm decided to publicize the award by petitioning the Los Angeles Superior Court to confirm the settlement.
“T-Mobile is trying to hide the truth. They fought accountability at every turn, from blaming the victim to obstructing evidence production,” says James Molen, a partner in the Litigation Department of Greenberg Glusker. “The public has a right to know how their phone provider is putting them at risk, and we are confident the court will ensure transparency.”
Recommended by Our Editors
T-Mobile didn’t immediately respond to a request for comment. But the alleged loopholes in the carrier’s security may refer to how hackers previously tried to bribe T-Mobile employees into engineering SIM swaps.
Still, T-Mobile has touted its commitment to security, which includes rolling out 200,000 hardware-based security keys to employees. Last year, the carrier also agreed to bolster its cybersecurity after suffering data breaches in 2021, 2022, and 2023.
In the meantime, Greenberg Glusker stands to benefit from disclosing the settlement since the law firm says it has a history of litigating SIM swap cases.
About Michael Kan
Senior Reporter
