A lawsuit against AT&T alleges that the carrier’s employees helped hackers perform SIM-swap attacks on a customer and rob him of $1.8 million worth of cryptocurrency.

Plaintiff Seth Shapiro of Torrance, California, says that AT&T is liable for the acts of its employees and failed to implement systems and procedures to prevent them from pulling off the scheme. The complaint, filed on October 17 in US District Court for the Central District of California, says:

In a SIM-swap attack, “the SIM card associated with the victim’s wireless account is switched from the victim’s phone” to someone else’s, which “effectively moves the victim’s wireless phone—including any incoming data, texts, and phone calls associated with the victim’s phone—from their phone to a phone controlled by the third party,” the lawsuit notes.

“The hacker’s phone then becomes the phone associated with the victim’s carrier account, and the hacker receives all of the text messages and phone calls intended for the victim,” the complaint continues. “Meanwhile, the victim’s phone loses its connection to the carrier network.”