US Lawmakers Call on Communications Regulator to Tackle SIM-Swapping Crime

Democrat lawmakers are demanding that the FCC takes action to tackle the rise in SIM swapping attacks.

AccessTimeIconJan 10, 2020 at 12:00 p.m. UTC
Updated Sep 13, 2021 at 12:07 p.m. UTC

Democrats in the U.S. Congress are demanding the Federal Communications Commission (FCC) takes action to tackle the rise in SIM swapping attacks.

Responding to the groundswell of reported SIM swap heists, senators Ron Wyden (Ore.), Sherrod Brown (Ohio) and Ed Markey (Mass.) and representatives Ted Lieu (Calif.), Anna Eshoo (Calif.) and Yvette Clarke (N.Y.) sent FCC Chairman Ajit Pai a letter Thursday urging him to do more to hold cell carriers accountable for the low-cost but often highly lucrative crime.

Cybersecurity blog KrebsOnSecurity first reported the letter.

SIM-swapping is the act of remotely accessing a target’s cellular identity, essentially co-opting the associated phone number for nefarious purposes. There’s any number of ways to swap a SIM; in some cases, hackers even bribe or exploit cell carrier employees.

Once the number is taken over, the fraudster can reset victims’ passwords, steal credentials and wipe personal information, bypassing most security mechanisms that rely on cellular two-factor authentication. That can be costly, especially for a crypto community still largely reliant on text-based account security. To date, millions of dollars in crypto have been stolen in alleged SIM swap attacks.

The lawmakers' chief concern appears to be America’s lack of comprehensive consumer protection policies. They note that some jurisdictions require prevention methods, like in-store verification, while others lag behind. 

“Implementation of these additional security measures by wireless carriers in the U.S. is still spotty and consumers are unlikely to find out about the availability of these obscure, optional security features until it is too late," the lawmakers wrote. 

They also demanded to know more about how the FCC tracks SIM swap reports, if it has been educating the public on prevention and if it has investigated such hacks in the past.

One of the most public victims of an attack was crypto investor and communications executive Michael Terpin, who lost over $20 million to SIM-swappers in 2018. He sued his cell provider, AT&T, for failing to protect him, alleging the company was responsible for its employees who allegedly worked with the fraudsters. 

That suit is ongoing. Terpin also wrote FCC’s Pai, in October, urging action against SIM swapping. 

Last month, prosecutors unsealed an indictment against Nicholas Truglia, who is suspected of orchestrating the Terpin heist.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.