A California man is suing AT&T after he says one of its employees allowed a hacker to access his cell phone number that resulted in his data being compromised and more than $1.8 million in cryptocurrency stolen from his accounts.
Seth Shapiro says that an AT&T employee allowed a hacker to swap his phone number from his phone to a separate device, which resulted in "the compromise of highly sensitive personal and financial information and the theft of more than $1.8 million," according to court documents.
The process of so-called "SIM swapping" allows hackers a way to gain access to all the information tied to a phone number potentially giving them access to every email, photo, app and more on the phone.
"It's sort of out of anybody's worst nightmares," Shapiro told ABC News. "I’ve since learned this has happened to many people."
In May 2018, Shapiro, who has a background in tech, said he realized something was happening to his phone when it stopped working properly while he was in New York City, and he immediately ran to the closest AT&T store. His phone became a "Wi-Fi device," where it still functioned "but those four bars at the top were gone" and "you can't make a call or receive one," he explained.
At the AT&T store he said he asked employees to put him on a list that stops his SIM card from being swapped, but eventually found out that no such list exists. He alleges that hackers accessed the SIM card associated with his account and switched it from his phone to a device controlled by them -- sending all of his personal data and information to the new device. They were able to reset passwords because it was tied to his phone number, he said.
"I sat there and my entire life savings were stolen and there was nothing I could do about it, in the AT&T store," he added.
The complaint filed on Oct. 17 claims that while third parties had control over his AT&T wireless number, "they used that control to access and reset the passwords for Mr. Shapiro’s accounts on cryptocurrency exchange platforms, including KuCoin, Bittrex, Wax, Coinbase, Huobi, Crytopia, LiveCoin, HitBTC, Coss.io, Liqui, and Bitfinex."
The digital currency "was accessed by the hackers utilizing their control over Mr. Shapiro’s AT&T wireless number," the court documents added.
The lawsuit alleges that hackers were able to access "accounts on various cryptocurrency exchange platforms, including the accounts he controlled on behalf of his business venture. The hackers then transferred Mr. Shapiro’s currency from Mr. Shapiro’s accounts into accounts that they controlled."
"In all, they stole more than $1.8 million from Mr. Shapiro in the two consecutive SIM swap attacks on May 16, 2018," the complaint added.
Shapiro described it as "a nightmare that I couldn't wake up from."
"There was nobody to get in touch with," he said. "The only people who could help you was AT&T and they absolutely could not care less ... You essentially have nowhere to turn."
The impact on his family and personal life was enormous, Shapiro said, saying that they weren't able to buy the home he and his wife had been in the process of purchasing and his wife had to go back to work to make ends meet.
"We were kind of getting ready to slow down a little bit now it has been 17 months of anxiety, depression and horror," he said.
"If you go into a bank and they have you enter your passcode, that's kind of the analogy that AT&T uses, imagine if the teller as soon as you left can use your passcode and take cash out and they can't be held accountable," he said. "AT&T gives this responsibility to their lowest level of employees."
"Employees of AT&T have the ability to target any customer for any bribe," Shapiro said. "Since we filed the complaint we have heard from more people around the country saying, 'That happened to me.'"
Shapiro said the alleged hack and its fallout "nearly destroyed our lives" and "nearly destroyed our children's childhoods."
"It's absolutely unacceptable that AT&T faces no responsibility, faced with the loss of your life savings by an act that was facilitated by a multinational corporation," he said.
With the suit, Shapiro said they are "trying to make sure this doesn't happen to somebody else."
AT&T told ABC News in a statement that they dispute the Shapiro's allegations and shared information on how customers can help keep themselves safe from SIM swaps.
“We dispute these allegations and look forward to presenting our case in court," the statement said. "Customers can learn how to help protect themselves from this scam by going here -- https://about.att.com/sites/cyberaware/ni/blog/sim_swap.”
On their website, AT&T says they are “working hard with other major phone carriers and business partners to help prevent unauthorized SIM swaps. However, the thieves constantly change their tactics.”
The company said they are “continually enhancing safety measures” including building new tools to make it harder for someone to pretend to be you, helping companies flag suspected thieves during online transactions, increased training for employees and customers, and more.
The company encourages customers to add extra security measures to their accounts by creating unique passcodes. “If you create a unique passcode on your AT&T account, in most cases we'll require you to provide that passcode before any significant changes can be made,” the company said.