BEWARE IMPERSONATION SCAMS! Be sure that you are interacting with us. We e-mail exclusively from the domain @dilendorf.com

Negligence Liability of Carriers in SIM Swaps

September 22, 2025  |   By: Max Dilendorf, Esq.
Max Dilendorf, Esq.
Max Dilendorf, Esq.

212.457.9797  |  md@dilendorf.com

Linkedin
Print

In the high-stakes realm of cryptocurrency investment, SIM swap fraud poses a severe threat, allowing hackers to hijack phone numbers and drain digital wallets. Victims often pursue negligence claims against phone carriers, alleging failures in security, employee oversight, and fraud prevention.

However, courts may decline these claims, often relying on the economic loss rule and the absence of an independent duty beyond contractual obligations.

The Terpin v. AT&T Mobility, LLC case, alongside other rulings, exemplifies this judicial trend.

Understanding Negligence in SIM Swap Cases

Negligence requires proving: (1) a duty of care; (2) breach of that duty; (3) causation; and (4) damages.

In SIM swap litigation, plaintiffs assert that carriers owe a duty to protect account security through robust PIN systems, employee training, and monitoring of authorized retailers.

Michael Terpin, in his August 2018 complaint, alleged negligence (Count 10), negligent supervision and training (Count 11), and negligent hiring (Count 12), claiming AT&T’s lapses enabled a $24 million crypto theft.

His Second Amended Complaint (SAC) in March 2020 refined these into Counts 5–7, emphasizing AT&T’s “strict duty” under federal law and its Privacy Policy to safeguard customer proprietary network information (CPNI).

Yet, courts often limit this duty to contractual terms. The economic loss rule bars recovery for economic damages (e.g., stolen cryptocurrency) absent physical harm or an independent tort duty, preserving contract law’s boundaries. Carriers argue their obligations end with service agreements, not tort liability.

Terpin v. AT&T: A Clear Dismissal of Negligence Claims

Terpin’s case stemmed from a January 2018 SIM swap—the second targeting his AT&T account. Hackers, led by Ellis Pinsky, bribed a Connecticut retailer employee to reassign Terpin’s number, intercepting password resets to access his OneDrive and cryptocurrency wallets.

Terpin’s 2018 complaint highlighted AT&T’s prior 2017 fraud awareness and inadequate response, while the SAC detailed the carrier’s failure to learn from a 2013 FCC consent decree fining it $25 million for data breaches.

The U.S. District Court for the Central District of California granted summary judgment on Terpin’s negligence claims in March 2023, finding no duty beyond the Wireless Customer Agreement.

The July 16, 2025, order reinforced this: “Plaintiff Michael Terpin sued Defendant AT&T Mobility LLC after bad actors gained control over his cell phone number through a fraudulent ‘SIM swap’ and used that control to steal his cryptocurrency. The Ninth Circuit affirmed dismissal of Terpin’s fraud and punitive damages claims and affirmed summary judgment for AT&T on Terpin’s negligence, breach of contract, and declaratory relief claims.” The court applied California’s economic loss rule, rejecting a fiduciary duty based on Terpin’s fraud history as a commercial, not special, relationship.

The Ninth Circuit’s September 2024 ruling (Terpin v. AT&T Mobility, LLC, 118 F.4th 1102 (9th Cir. 2024)) upheld this, stating Terpin’s negligence claims were “foreclosed” for lacking independence from the contract.

As the court explained in its opinion, “The panel affirmed the district court’s summary judgment on Terpin’s negligence claims […]” and emphasized that “Terpin’s negligence claims rest on AT&T’s alleged duty to adequately protect Terpin’s account information. But he fails to identify a duty ‘independent of’ the contract.”

The panel further stated, “To impose a tort duty in such circumstances would go further than creating obligations unnegotiated or agreed to by the parties; it would dictate terms that are contrary to the parties’ allocation of rights and responsibilities.” The court also declined to find an independent duty under Section 222 of the FCA, stating, “We decline to hold that Section 222 imposes a duty of care giving rise to a state-law negligence claim,” as no authority supported transforming the statutory confidentiality duty into a California negligence basis.

Only Terpin’s FCA claim, based on alleged unauthorized CPNI access, proceeded to remand.

Implications for Victims: Overcoming Legal Barriers

Negligence claims in Terpin faltered due to the economic loss rule, which requires an independent duty beyond the contract—a threshold not met despite Terpin’s prior fraud alerts.

Proximate cause also proved elusive, as the 2025 order noted: “Terpin does not seriously dispute that the FCA incorporates a proximate cause requirement.” This shifts focus to statutory remedies like the FCA, where the court found “Terpin raised a triable issue of material fact as to whether AT&T violated the FCA.”

Navigating legal differences across states can make things tricky. California’s strict economic loss rule often limits recovery to cases with physical damage, making it tough to win negligence claims for financial losses like stolen crypto.

In contrast, states like North Carolina or Washington sometimes take a more flexible approach, occasionally recognizing that carriers might have wider responsibilities in similar situations.

To boost your chances, keep detailed records of every interaction with your carrier—such as fraud reports, security upgrade requests, and employee responses. However, succeeding still hinges on finding solid legal grounds, like statutory protections or contract terms, which can be a challenge.

Contact Us

At Dilendorf Law Firm, we represent clients who have been targeted by SIM-swap attacks and other forms of cyber fraud.

With over six years of experience and a record of handling more than 100 consumer arbitration cases, we have successfully pursued claims against major cryptocurrency exchanges—including Coinbase—and leading phone carriers such as Verizon, T-Mobile, and AT&T.

Our attorneys are skilled in navigating proceedings before all major arbitration forums, including AAA, JAMS, and NAM.

We also represent victims whose digital assets were stolen not only from regulated exchanges but also from self-custody wallets like MetaMask and other decentralized platforms.

In high-stakes cases, we advise and coordinate with U.S. law enforcement and investigative agencies—including the FBI, Department of Homeland Security (DHS), and the Secret Service—as part of broader recovery strategies and criminal investigations into cybercrime.

If you have suffered losses due to a SIM swapping incident or other cyber fraud, contact us to discuss your case and options for recovery.

Email: info@dilendorf.comPhone: 212.457.9797

 

This is a public-record summary, not legal advice. We are not counsel of record and this case is not affiliated with Dilendorf Law Firm in any way.

Linkedin
Print
This article is provided for your convenience and does not constitute legal advice. The information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Prior results do not guarantee a similar outcome.

Other Blog Posts

ALL ARTICLES
SIM-Swap: What Carriers Must Tell You (and When)
EFTA & Crypto After Uphold: Two Judges, Two Roads
Terpin v. AT&T: A SIM-Swap Case That Put FCA in the Spotlight
SIM-Swap Arbitration Win Against T-Mobile (Jones v. T-Mobile)
SIM Swap Results in Crypto Theft: 15 Steps to Reclaim Your Digital Assets
Our website uses cookies. By continuing to use our site, you agree to our use of cookies in accordance with our Privacy Policy.