On Wednesday, Judge William Alsup issued an opinion in a case brought by a subscriber against his wireless carrier, Mint Mobile LLC, for cryptocurrency losses he attributes to the “mobile virtual network operator.” According to the opinion, Daniel Fraser sued after $466,000 worth of cryptocurrency was drained from his Ledger account following both a data breach impacting Mint and after his SIM was fraudulently ported-out.
The court broke down each of the three events, starting with the “large-scale” data breach that impacted Mint between June 8 and 10, 2021, exposing customer information such as names, addresses, email addresses, phone numbers, account numbers, and passwords. Reportedly, the plaintiff’s information was among those compromised.
Second, on June 11, an unknown criminal impersonated Fraser and ported his cellular service with Mint to another service provider, Metro by T-Mobile, allegedly giving that person all information necessary to access the plaintiff’s cryptocurrency account. Third, and just an hour after the SIM port, they began draining Fraser’s Ledger account.
The plaintiff sued Mint alleging a variety of state and federal claims. Mint moved to dismiss. The court opened its analysis by noting that the primary question is “the extent to which the carrier is liable for the lost funds once held by the cryptocurrency exchange.”
The opinion addressed causation, and Mint’s argument that the complaint failed to allege that the data breach and SIM port proximately caused the loss Fraser suffered at the hands of a third-party actor. Judge Alsup disagreed, finding that a look at the facts indicated a sufficient “logical progression.”
“A simple query of the victim’s email account would reveal any number of accounts a criminal could then try to access,” the court said, pointing out that three events giving rise to the lawsuit occurred within a short space of time.
As to the plaintiff’s Computer Fraud and Abuse Act (CFAA) claim, the court ruled that it failed for the “fundamental reason that the pleading does not adequately allege harm recognized under the Act.” The loss of the plaintiff’s cryptocurrency is not a loss related to a computer or system, as required by the CFAA, Judge Alsup concluded.
The court also dismissed the plaintiff’s claims under the California Unfair Competition Law (UCL) to the extent they sought monetary damages, his UCL restitution claim for failure to show a benefit conferred to Mint, his contract claims, his claims for punitive damages, and his Federal Communications Act claim.
The plaintiff has until May 11 to file a motion for leave to amend his complaint. He is represented by Putterman Law APC and Silver Miller. Mint is represented by Cipriani & Werner PC and Clark Hill LLP.