SIM Swap Attorney on Verizon v. FCC & Crypto Losses (2026)
In September 2025, the U.S. Court of Appeals for the Second Circuit issued a landmark ruling in Verizon Communications Inc. v. FCC, 156 F.4th 86, 90 (2d Cir. 2025), affirming a $46.9 million FCC forfeiture for Verizon’s failure to protect customer proprietary network information (“CPNI”).
This 2025 decision is one of the most significant appellate rulings to date addressing telecom data protection—and it carries immediate consequences for SIM swap fraud and crypto theft.
At a time when SIM swap attacks are routinely used to drain cryptocurrency wallets, defeat multi-factor authentication, and take over financial and digital accounts, the Second Circuit’s ruling sends a clear message: carrier failures to protect CPNI are no longer tolerated as mere operational mistakes.
A Current Appellate Signal on Carrier Duties
The Second Circuit’s 2025 decision reaffirms that Section 222 of the Communications Act imposes an affirmative and ongoing duty on wireless carriers to safeguard customer data.
This is not a historical interpretation—it is a present-day enforcement framework now validated by a federal appellate court.
As the court emphasized:
“Carriers have ‘a duty to protect the confidentiality of proprietary information of, and relating to, … customers.’”
The court underscored that this duty applies broadly to CPNI, rejecting Verizon’s attempt to narrow the statute’s scope. In language especially relevant to modern SIM swap attacks, the court held that:
“Customer proprietary network information is defined as ‘information that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service.’”
And further clarified:
“Device-location data both ‘relates to the … location … of a telecommunications service’ and is obtained ‘solely by virtue of the carrier-customer relationship.’”
This reasoning matters now. In SIM swap fraud, the attacker’s power comes entirely from the carrier-customer relationship—the same relationship Section 222 is designed to protect.
2025 Confirmation That “Reasonable Measures” Must Be Real
A central takeaway from the 2025 decision is that carriers cannot satisfy their legal obligations with paperwork, contracts, or internal policies alone.
The FCC found—and the Second Circuit agreed—that Verizon’s safeguards were ineffective.
The court reaffirmed that carriers must:
“Take reasonable measures to discover and protect against attempts to gain unauthorized access to customer proprietary network information.”
Yet Verizon failed because it:
“Relied heavily on a chain of contractual arrangements” and monitoring that “apparently mainly consisted of analysis of unverified vendor-created consent records.”
The FCC determined that Verizon’s system:
“Assumed that the location requests and consent records provided by the [vendors] would be legitimate in the first instance.”
This 2025 holding resonates directly with SIM swap cases, where carriers often rely on employee scripts, minimal ID verification, or backend notes—while attackers exploit social engineering to gain control of phone numbers and steal crypto assets within minutes.
Fresh Judicial Recognition of Notice and Ongoing Risk
The Second Circuit also emphasized that prior warnings increase carrier responsibility. Verizon had internal notice of vulnerabilities before the misconduct ended.
An internal report warned that:
“It is possible for [third parties] with delegated consent to falsify consent records and obtain [Verizon] subscriber data without their consent.”
Despite that warning, Verizon continued its practices. The FCC treated this as continuing violations, and the court upheld that conclusion.
For SIM swap fraud in 2025, the parallel is clear: carriers have long been on notice that SIM swaps enable crypto theft, account takeovers, and identity compromise.
Continued failures after years of public reporting and enforcement actions now carry heightened legal risk.
2025 Enforcement Momentum, Not Historical Footnote
Verizon argued that the FCC acted arbitrarily. The Second Circuit rejected that argument, holding that the Commission:
“Reasonably considered the relevant issues and reasonably explained its decision.”
The court further reiterated that agency action is unlawful only if it:
“Entirely failed to consider an important aspect of the problem.”
This is a current endorsement of aggressive enforcement, confirming that telecom regulators have broad authority in 2025 to hold carriers accountable for CPNI failures.
Why This 2025 Case Matters for SIM Swap and Crypto Theft Victims
SIM swap attacks in 2026 are not anomalies—they are often the predictable result of systemic carrier failures. The 2025 Verizon v. FCC decision confirms that:
- CPNI protections are broad and enforceable
- Carrier authentication failures can violate federal law
- Ongoing weaknesses after notice increase liability
For victims of SIM swap fraud and resulting crypto theft, this decision provides a powerful, modern legal foundation for arbitration and enforcement actions.
Max Dilendorf of Dilendorf Law Firm represents victims of SIM swap fraud, crypto theft, and cybercrime.
Mr. Dilendorf has represented clients in 130+ cybercrime arbitration proceedings, including SIM swap cases against T-Mobile, AT&T, and Verizon.
If you were a victim of a SIM swap attack or cryptocurrency theft, please contact Max Dilendorf to discuss your legal options. Email: info@dilendorf.com; Phone: 212.457.9797