On August 15, 2018, crypto-enthusiast Michael Terpin filed a 69-page Complaint against AT&T in the Central District of California. This federal action – a fifteen-count missive from Greenberg Glusker, seeks compensation of $24,000,000 for stolen cryptocurrencies as well as punitive damages in the amount of $200,000,000. Terpin’s counsel seeks to get around standard contractual limitations and arbitration language by claiming that AT&T violated every possible California consumer statute on the books.
At its essence, the lawsuit alleges AT&T did not “implement and maintain reasonable security procedures and practices” regarding personal information and protect it “from unauthorized access, destruction, use, modification or disclosure” as evidenced by a “January 7, 2018 SIM swap fraud” conducted by a criminal who was able to convince an AT&T store employee to give him Mr. Terpin’s SIM card. Complaint ¶ 238.
In order to obtain recovery in federal court, Terpin’s counsel will have to get around standard ADR language and damages limitations typically found in mobile carrier agreements. More than likely, the valiant efforts of Greenberg Glusker will be to no avail – with the eventual result this case will move down the well-traveled road of arbitration without any punitive damages or massive discovery in sight. The Supreme Court authority for such a result is quite extensive and may be why the Complaint is written in such flowery and emotional prose.
No matter what forum eventually takes on this case, it raises numerous issues that percolate beyond the four corners of the Complaint. For example, will AT&T’s insurer eventually defend or pay out on this claim? If so, which coverage grants will be triggered? And, if there is coverage, will ISO or major insurance carriers develop a standard insurance exclusion to bar cryptocurrency theft claims in the future? As it moves through the California federal court system, this case will definitely have consequences for corporations well beyond AT&T.