Data cards from cell phone companies help many people wirelessly connect to the Internet, and the companies that make them assure customers the cards are safe.

Nevertheless, at least one security expert believes they aren't as secure as the companies lead customers to believe.

When Jonathan Rivish, who travels around the world as a minister, received a $10,000 cell phone bill, he assumed it was a mistake; a month later, he received a bill for $21,981.

According to the bill, Rivish downloaded or accessed nearly 10 million kilobytes of data from his wireless access card over a period of two months -- the equivalent of about 225,000 songs or 5,000 feature-length films -- from Canada and Mexico.

"They told me there was roaming in Canada and Mexico," Rivish said. "In my life, I travel a lot, but I've never been to Canada."

He called Sprint to straighten out the bill, but to no avail.

"Every day, I called six or seven times, being transferred from the operator to the manager to the supervisor to the fraud department," he said. "She said, 'It's possible someone hijacked your card.'"

Cell phone providers promise the information on the data cards is safe; however, one security expert told 5 Investigates that the encrypted cards are not as secure as one might think.

This sort of fraud "may be on the rise ... you see large cell phone bills from Canada to Asia to the states," said Todd McCullough from IT Security Consulting. "It's happening everywhere."

McCullough helps small businesses protect their computer systems from hackers.

He said each of the data or broadband cards contains an electronic serial number, which can be very valuable.

"If they take your card ... they can basically clone your SIM card and put it in another phone and sell it on the black market -- sell it for cheap worldwide," McCullough said.

Though nobody stole Rivish's physical data card, it appears that someone took the information from his card and created a new one.

McCullough said the cards are most vulnerable when they initially connect to the Internet. In the few seconds it takes for the computer to find a tower and establish a signal, a hacker could hijack it.

5 Investigates wanted to know why Sprint never contacted Rivish when the roaming charges skyrocketed, like credit card companies do when there is unusual activity on an account.

Even after Sprint assured him the bill was a mistake, the company still shut off Rivish's cell phone and sent out a notice demanding payment of $21,981.

5 Investigates contacted Sprint on Rivish's behalf, and company officials promised to fix his bill.

When offered the chance to respond on-camera, they refused, saying their data cards are secure.

Sprint spokesman Dave Mellin said in a statement, “We apologize to Mr. Rivish for any inconvenience this caused but we’re pleased that we’ve been able to achieve an outcome that we believe he is satisfied with.”