T-Mobile Uses 'Kitchen-Sink Approach' to Avoid Liability, Says Alleged SIM Swap Victim

T-Mobile’s motion to dismiss a fraud suit involving an alleged SIM swap uses a “kitchen-sink approach to avoid liability,” said plaintiff Eman Bayani, responding Monday (docket 2:23-cv-00271) to T-Mobile’s April 24 motion to dismiss (see 2304260067) in U.S. District Court for Western Washington in Seattle.

Bayani alleged he lost “thousands of dollars” in a “SIM swap scam” after third-party criminals hacked into his online cryptocurrency account and stole his digital currency, said his February complaint, alleging violations of the Communications Act and Stored Communications Act.

Bayani’s allegations that Metro by T-Mobile owes him for the loss “ignore Metro’s warning” that it strives to protect customers from cyberattacks but “cannot guarantee security -- no wireless carrier can,” said T-Mobile in April, referencing its terms and conditions (T&Cs). Bayani responded that the T&Cs are “the very definition of a one-sided contract of adhesion, in which T-Mobile attempts to insulate itself from liability in every way possible.”

The T&Cs, which T-Mobile didn’t say when or how Bayani assented to, and “on which none of his claims rely,” disclaim T-Mobile’s liability “for basically everything it might do to harm Plaintiff,” Bayani said. The T&Cs “attempt to further limit the time period, types of damages, and methods by which a consumer can bring a claim against T-Mobile, without any countervailing benefits provided to consumers,” he said.

Citing another case, McKee v. AT&T, Bayani said “parties can shorten the applicable statute of limitations by contract unless a shorter time frame is unreasonable or prohibited by statute or public policy, [but] in order for such a shortened period to be enforceable, the parties must have actually assented to it.” Bayani entered into a contract with T-Mobile for wireless service, but he doesn't allege he agreed to any T&Cs. He asserts he “figured out how to 'opt out' of arbitration by performing an internet search regarding how to sue T-Mobile, not from any review of or assent to the T&Cs."

T-Mobile’s submission of its T&Cs to the court, without more,"cannot establish the mutual assent that would be required to enforce its terms," said Bayani, citing Alvarez v. T-Mobile USA. Because T-Mobile can't establish that Bayani assented to the T&Cs, its claim it “warned” him about the possibility his data would not be secure and its attempt to impose a shortened limitations period on his claims, "is not a valid basis for dismissal," Bayani said. Even if T-Mobile could show proof of a valid contract with the plaintiff, the limitation of liability provision, "and in particular the shortened statute of limitations, is unconscionable and should not be enforced," he said.

Throughout its arguments, T-Mobile attempts to "distance itself from the harm Plaintiff incurred, claiming that such harm was caused by third-party criminals," Bayani said. The carrier "ignores the fact that a T-Mobile employee effectuated the SIM swaps at issue in this case," he said. T-Mobile "was not a passive player in the chain of events that led to Plaintiff's losses; rather, T-Mobile affirmatively performed the SIM swaps that allowed third-party criminals to access and steal Plaintiff's money," said the response.

T-Mobile "has long been aware of the security risks presented by its weak user credential structures and procedures," said Bayani, noting multiple lawsuits with similar allegations. Despite other occurrences, "T-Mobile did not use readily available security measures to prevent or limit such attacks," and it "failed to provide reasonable and appropriate security" to prevent unauthorized access to Bayani and others' accounts, he said.