There's A Reason T-Mobile Didn't Want Customers To See This Court Document
A 2023 lawsuit suggests that T-Mobile customers may have been at risk of falling victim to a SIM swap attack since the mid-2010s, and the company reportedly doesn't want you to know about it. The lawsuit, handled by Los Angeles-based Greenberg Glusker, secured a $33 million arbitration award against T-Mobile after its faulty security protocols allowed hackers to steal $37 million in cryptocurrency from customer Joseph "John" Jones in a SIM swap scheme. The law firm revealed the award in a March 2025 press release and accused the telecom giant of attempting to keep the ruling from becoming public knowledge.
According to Greenberg Glusker, T-Mobile attempted to seal court documents that highlight a series of security lapses that put T-Mobile customers at risk and reveal its susceptibility to such attacks. Although much of the security burden is on service providers like T-Mobile, the case also highlights how customers can protect themselves from these complex schemes.
SIM swaps are a growing threat to telecom customers. In these fraud cases, hackers exploit common customer service features to transfer a victim's phone number to a different SIM card, which lets them bypass traditional authentication measures on bank accounts and other sensitive applications. Less discussed than other common cyberattacks like phishing, ransomware, or denial-of-service attacks, the rise of SIM swaps reflects a cybersecurity landscape where service providers are increasingly tasked with protecting clients from international cybersecurity threats. For instance, in September 2025, law enforcement disrupted a SIM farm hacking scheme that looked to manipulate NYC's cell networks, further underscoring how the telecom industry has become a target for cybercriminals and nation-states.
Details of the case
The attack on Joseph Jones occurred in February 2020, when a pair of hackers executed a SIM swap on his T-Mobile cellphone, allowing them to access Jones' one-time passwords and bypass his cryptocurrency wallet's security features. T-Mobile discovered and countered the attack within 16 minutes, although the perpetrators had already drained the victim's accounts of roughly $37 million worth of cryptocurrency by then.
A particularly troubling detail of the attack was the ease with which it occurred. In fact, the hackers, who testified in the arbitration case, stated that they chose Jones because he was a T-Mobile customer, acknowledging that the pair wouldn't have targeted him otherwise. According to their testimony, T-Mobile was an easier target than other providers due to a lack of additional authentication features, such as PINs or Social Security number verification. Furthermore, case documents showed that T-Mobile put its customers at risk by offering less employee training than its competitors, making it difficult for the company to prevent, recognize, and address potential scams. The documents also showed that such procedural ineptitude endangered T-Mobile customers, with victims being targeted as early as 2016. As Paul Blechner, a key member of Greenberg Glusker's trial team, put it, carriers like T-Mobile have long failed to implement measures to protect customers, and this case would seem to be a perfect example.
To its credit, T-Mobile has reportedly started bolstering itself against SIM swap attacks – a necessary step in its quest to regain customer trust. One measure is its partnership with AT&T, Verizon, and Aduna to provide an API for the Big Three's number verification and SIM swapping functions. Such security features are critical as T-Mobile brings back its popular self-service SIM swap capabilities.
The rise of SIM-based attacks and what users can do about them
SIM swaps are part of a broader trend where hackers can take over an individual's phone number to bypass SMS-based security measures. Another means of doing so is porting, in which hackers create a new account with a different telecom company and request a number transfer. Whereas SIM swapping occurs within the same carrier network, porting transfers a phone number between carriers.
These attacks are becoming more common, constituting a rising concern for law enforcement, businesses, and individuals. In 2023 alone, the FBI investigated over 1,000 SIM swap attacks resulting in hackers stealing over $50 million from American customers. According to a 2025 TransUnion report, SIM swap fraud is the telecom industry's second-largest fraud concern. On a similar note, identity fraud service firm IDCARE reported that SIM swaps rose by an astounding 240% in 2024. Shockingly, 90% of these attacks occurred without the customer's knowledge, revealing an industry-wide gap in customer preparedness.
There are several ways that users can protect themselves from SIM swap attacks. The first is app-based two-factor authentication with apps like Google Authenticator, as these require the attacker to have access to the device itself. Second, implementing strong passwords and PINs can also be effective. Third, users should monitor their accounts for irregular activity. As showcased in the T-Mobile case, attacks often occur within minutes, so quickly detecting an attack is crucial. One potential sign of an attack is if a user's phone unexpectedly loses service or switches to SOS mode without explanation. If this occurs, contact your provider immediately. While it doesn't necessarily confirm an attack, users must proactively protect themselves.