Stoltmann Law Offices, P.C. is a Chicago-based securities and investor-protection law firm offering representation to defrauded investors nationwide on a contingency fee basis. We have been prosecuting claims against cellular phone providers like T-Mobile, AT&T, and Verizon on behalf of victims of SIM-Swap attacks for the past few years now. We are also actively pursuing claims against Coinbase for its role in failing to secure their customer accounts in violation of the terms of their user agreement.
Recently, there has been a flood of SIM Swap attacks against T-Mobile customers. Although it is speculation, this summer, T-Mobile announced that its customer database had been compromised, leading to the unauthorized access to customer account information effecting over 40 million subscribers. That attack, as time has gone by, has been revealed to have been far worse than originally reported. T-Mobile updated its customers a few months ago, and suggested that the attack compromised critical security information about its customer accounts, including phone numbers, customer names and addresses, dates of birth, IMEIs and IMSIs. T-Mobile said in a statement that it had no indication that hackers were able to access financial information such as credit card or debit card data. By way of background, an IMSI is the unique “International Mobile Subscriber Identity” number which identifies every cellular network user. It is a unique 15-digit number assigned to every user and is part of your SIM profile. SIM is another acronym for “Subscriber Identity Module.” The IMSI identifies where you use your phone and which mobile network (i.e., T-Mobile) you access. This is critical intelligence for anyone seeking to pull off a SIM Swap.
Although the hackers didn’t apparently gain access to sensitive financial data of customers, they did get a picnic basket of information that was surely sold to other hackers. If a hacker has your phone number, name/address, and IMSI, getting a SIM swap done is pretty simple unfortunately. These hackers identify people known to have crypto-currency accounts and then engineer hacks of their SIM so that they can gain access to a target’s Coinbase account and transfer the funds to another wallet on the blockchain and move on to the next victim. Because of the anonymous nature of crypto-currency transactions on the blockchain, the transactions are virtually untraceable and cannot be reversed. This massive attack on T-Mobile, which compromised millions of customer accounts, is likely leading to a surge in SIM Swap-Crypto theft attacks. These massive data breaches by cellular providers are not a new phenomenon and occur far too often. The good news for victims is, cellular providers like T-Mobile, AT&T, and Verizon can be held liable for a SIM Swap attack that leads to the loss of crypto currency or other financial accounts.