N.J. Customer Sues to Hold Verizon Accountable for SIM Swap in Minn.

West Caldwell, New Jersey, resident Dennis DePalma became a victim of cryptocurrency fraud March 21 when a John Doe “scammer” stole nearly $34,000 from his Coinbase account through a SIM swap at a Verizon store in Woodbury, Minnesota, that Verizon should have prevented, alleged his complaint against Verizon Monday (docket 2:23-cv-22318) in U.S. District Court for New Jersey in Newark. A SIM swap “allows scammers to circumvent multi-factor authentication for websites or accounts that use text messages to seek approval,” said the complaint. Scammers “switch the assigned phone number from the victim’s SIM card to a new one they purchase from the cellphone provider,” it said. DePalma alleges that a manager at the Woodbury location, known only by his first name, Joshua, “allowed himself to sign off” on the scammer who identified himself as DePalma “with no sort of verification,” said the complaint. SIM swaps shouldn’t be completed “without customer verification,” it said. The employee must get a PIN, a photo ID or email confirmation to complete a SIM swap, but Joshua didn’t do “his due diligence in this circumstance,” it said. Verizon is liable for a violation of Sections 217 and 222 of the Federal Communications Act because its employee, Joshua, “was acting within the scope of his employment” when he transferred DePalma’s cellphone number to a new SIM card for the scammer, it said. Verizon also “owed a duty” to DePalma “to exercise reasonable care” to protect his personal information “and prevent it from being compromised,” it said. That duty “required Verizon to design, maintain, and test its security measures to ensure the safety and protection” of customers’ personal information, it said. Verizon also had a duty to use “verification protocol” and ensure that its employees “adhere to it,” it said. The complaint seeks compensatory and punitive damages, plus attorneys’ fees and court costs.