AT&T Sues 3 Former Workers for Alleged Mobile Phone Unlocking Scheme
The former employees allegedly used an unauthorized computer program to unlock AT&T phones so they could be used on other networks.AT&T is suing three of its former employees for participating in a scheme to illegally unlock smartphones that the company sold so that their owners could use them on other carrier networks, which is a violation of AT&T's rules. The 25-page lawsuit, filed recently in United States District Court in the Western District of Washington, names Marc Sapatin, Kyra Evans and Nguyen Lam, who formerly worked as support specialists in an AT&T office in Bothell, Wash., as defendants in the case, along with Sapatin Nguyen Enterprises Inc., Prashant Vira and Swift Unlocks Inc. Sapatin, Evans and Lam worked for the company in 2013, according to the lawsuit. Some 50 unidentified John Doe defendants also are named in the suit as co-conspirators for allegedly benefiting from the unauthorized smartphone unlocking processes. The three former workers had access to AT&T computer systems as part of their jobs in customer service and used an AT&T application called Torch for their work, which also allows employees to unlock phones if requested by customers under certain conditions, the suit alleges. "Based on the credentials that users must provide to log into the Torch program, all unlocking transactions can be traced to the specific AT&T employee that sent the unlock request," the suit states.
A "surge" of unlock requests was noted around Sept. 26, 2013, by AT&T's Asset Protection team, suggesting that the Torch application was being abused, the suit states. The Asset Protection team investigated the surge of requests and allegedly determined that "the employee credentials of defendants Evans and Sapatin were associated with disproportionately large instances of use of Torch's 'unlocking' function during the relevant time period." In addition, "AT&T's review of the unlock requests associated with defendants Evans and Sapatin further revealed that the unlock requests occurred within milliseconds of one another, suggesting the use of an automated or scripted process to unlock devices, rather than manual submission of unlock requests in the ordinary course of business."