T-Mobile US, Inc. (NASDAQ: TMUS), the third largest wireless carrier in the United States, is facing a lawsuit from a customer for allegedly enabling the theft of his cryptocurrency. Carlos Tapang from Washington state claims that T-Mobile “improperly allowed wrongdoers to access” his mobile account on November 7 2017.
According to the suit, the company’s lax security measures enabled the criminals to transfer his phone number to an AT&T account which they control without his consent. And with this in their hands, they were able to change the password of one of his bitcoin exchange accounts and steal his cryptocurrency. “T-Mobile was unable to contain this security breach until the next day,” Tapang alleges. The hackers then shifted the spoils of 1,000 omisego (OMG) tokens and 19.6 bitconnect coins for 2.875 BTC, worth $20,466.55 at the time, and transferred it out of his exchange account.
According to the allegations, T-Mobile is partially for the loss responsible because it was meant to add a PIN code to the account before November 7, but the measure wasn’t finally implemented. The company is also accused of allowing scammers to repeatedly call T-Mobile’s customer support until eventually a representative would mistakenly grant them control over customer accounts without the needed identity verification.
Besides the loss of his bitconnect coins and OMG tokens, Tapang claims he also suffered “emotional distress” as he couldn’t use his phone and had to “expend time, energy, and expense” to resolve the matter. For this he is seeking not just monetary damages but also an injunctive relief, which means that the federal court will order T-Mobile to deploy more security measures to prevent the occurrence of similar incidents in the future.