Pharmacy Manager Sues Rogers, Match Over 12 BTC SIM Swap Loss

Raelene Vandenbosch, a pharmacy manager in British Columbia, has initiated legal action against Rogers Communications and Match Transact Inc., alleging that a SIM swap scam in 2021 resulted in the loss of 12 BTC. The incident involved a hacker posing as a Rogers technician, who convinced a mobile kiosk employee in Montreal to share their computer screen. This allowed the hacker to access Vandenbosch's account information and transfer it to a SIM card in their possession, ultimately leading to the theft of her Bitcoin. The stolen BTC, initially valued at $531,000, is now worth approximately $1.8 million.

Vandenbosch's lawsuit alleges negligence, breach of privacy, and breach of contract against both Rogers and Match. She is seeking restoration of the amount the Bitcoin was worth at the time it was stolen, plus damages and a public admission of wrongdoing. The legal proceedings have moved to private arbitration, which limits public disclosure options. This shift to arbitration means that any resolution or admission of fault may not be made public, potentially affecting the precedent-setting nature of the case. The arbitration agreement was part of Vandenbosch's cellphone plan with Rogers, and the court ruled that the case must go to arbitration except for the part seeking a public admission of wrongdoing, which can proceed in the public interest.

The case highlights potential security vulnerabilities within telecom networks and the challenges in protecting digital assets like Bitcoin from fraudulent schemes. Legal actions demand accountability from affected companies and may inspire industry-wide protocol reviews. The emphasis on telecom liabilities in SIM swap scenarios might influence industry standards, spurring improvements. With similar cases reported globally, market participants are watching for regulatory guidance and potential preventive measures. The incident underscores the need for enhanced security measures and better protection of user data from fraudulent entities.

Vandenbosch's attorney, Alexia Majidi, stated that Vandenbosch has not yet decided how she will proceed and is declining to comment further at this time. A Rogers spokesperson defended the company's security record, noting the security risk associated with cryptocurrency. The spokesperson stated that the company continually strengthens its security measures to protect customers against fraudulent activity. Vandenbosch alleges that Rogers and Match failed to adequately protect her personal information and privacy, despite being aware of the risk of fraud posed by SIM swap scams since 2015. She also claims that Rogers allowed kiosk workers access to too much personal information and failed to mandate verification questions.

Vandenbosch's central argument for why she should not be required to go through arbitration rests on amendments made to the Business Practices and Consumer Protection Act in March. The B.C. government amended the legislation so cell phone companies can no longer impose these agreements on customers, arguing forced arbitration hurts consumers. Vandenbosch contended that these new rules must be retroactively applied to her case. However, Justice Anita Chan disagreed, citing comments by Attorney General Niki Sharma in the legislature in which she said the rules are not meant to be retroactive. The B.C. Ministry of Attorney General clarified further, stating that the prohibition came into force on Royal Assent of Bill 4 on March 31, 2025, and applies to new disputes that are launched after the date of Royal Assent. This means if a supplier had a pre-existing contract with an arbitration clause, the parties are no longer bound to arbitrate if they were not already in arbitration at the time.

In her decision, Chan offered one caveat: the case can proceed under a section of the Business Practices and Consumer Protection Act that allows for resolution in the public interest. This section predates the spring rule changes and allows for a judge to order a company to publicly accept responsibility or make changes and restore "any money or other property or thing" that was acquired through activity found to violate the act. Vandenbosch's claim seeks to have Rogers publicly declare it engaged in "deceptive" or "unconscionable" acts in this case, but this "restoration order" might not apply to the Bitcoin. It is generally used to force a merchant to pay back money to a customer who is suing. In this case, the money wasn't taken by Rogers or Match. And, according to her court filing, after four years, Vandenbosch still does not know who took the Bitcoin.