US prosecutors have formally linked the arrest of a US Army soldier in December to the theft of US phone records from AT&T and Verizon last year. Authorities arrested Cameron John Wagenius, a US Army communications specialist, in Texas on December 20 following a two-page grand jury indictment charging the US serviceman with two counts of illegally transmitting secret phone records. Wagenius was later extradited to Washington state. In a new court filing on Friday, US prosecutors confirmed that the charges against Wagenius are related to the previous indictment of two alleged hackers, Connor Moucka and John Binns, who were charged by the US government in connection with a series of breaches at cloud computing company Snowflake that saw that mass. -stealing data stored in customer accounts. Snowflake customers whose data was stolen include AT&T, which had “almost all” of its customers’ call records through 2024 exfiltrated from Snowflake accounts, and Verizon, which took a large cache of customer call logs. U.S. Attorney Tessa Gorman told the Seattle court that, “both cases arose from the same hacking and extortion of computers and involved some of the same stolen victim information,” and thus, “this case relies on overlapping evidentiary material and legal proceedings and there may be. general questions of law and fact.” It was the first public acknowledgment by prosecutors that Wagenius’ charges were linked to last year’s breach at cloud computing company Snowflake. Security journalist Brian Krebs first reported on the connection between Wagenius and the Snowflake hacks in November, and later broke the news of Wagenius’ arrest. The account hack at Snowflake was one of the worst cyberattacks of the past year, affecting AT&T, LendingTree, Santander Bank, Ticketmaster, and at least 160 other companies. The hackers allegedly stole large banks of identifiable and sensitive corporate data stored by companies on Snowflake, in part by using passwords stolen from employee computers with malware. Most affected Snowflake customers were not using multi-factor protection, which Snowflake did not require of its customers at the time. According to the Krebs report, after Moucka’s previous arrest by the Canadian authorities, Wagenius claimed in a post on a cybercrime forum that he was known to have access to the phone logs of Vice President Kamala Harris and President-elect Donald Trump, and threatened to leak all the stolen files unless Moucka was released. Prosecutors allege the Snowflake hackers stole data that included personal information, cell phone and IMEI numbers, dates of birth, postal and email addresses, passwords, Social Security numbers, government-issued identification numbers, as well as payment card and bank account numbers. Wagenius was ordered on January 8 to be taken into custody, and is understood to be in custody in Washington state.
