US prosecutors have formally linked the arrest of an active-duty US Army soldier in December to a massive theft of US phone records from AT&T and Verizon last year.
Authorities arrested Cameron John Wagenius, a US Army communications specialist, in Texas on December 20 after a brief two-page grand jury indictment charging the American technician with two counts of illegally transferring confidential telephone records. Wagenius was later extradited to Washington state.
In a new court filing on Friday, US prosecutors confirmed that the charges against Wagenius are related to the earlier indictment of two alleged hackers, Connor Moucka and John Binns, whom the US government accuses of multiple hacks at the computer company Snowflake cloud that saw the mass. -stealing data stored in its customer accounts. Snowflake customers whose data was stolen include AT&T, which had “almost all” of its customer call records up to 2024 removed from its Snowflake account, and Verizon, from which a significant cache of customer call logs was taken .
US Attorney Tessa Gorman he told the Seattle court that, “both cases arise out of the same computer intrusion and extortion and involve some of the same stolen victim information” and therefore, “these cases are based on overlapping evidence and legal process and arguably present common legal and factual issues issues”.
This is the first public admission by prosecutors that Wagenius’ charges are connected to last year’s breaches at cloud computing company Snowflake. Security reporter Brian Krebs first mention of the link between Wagenius and Snowflake hacks in November and later made the news of the capture of Vagenius.
The Snowflake account breaches became one of the most far-reaching cyberattacks of the past year, affecting AT&T, LendingTree, Santander Bank, Ticketmaster and at least 160 other companies. Hackers reportedly stole huge banks of personally identifiable and sensitive corporate data that companies stored on Snowflake, in part using passwords stolen from employee computers with malware. Most of the affected Snowflake customers were not using multi-factor protection, which Snowflake did not require of its customers at the time.
According to Krebs’ report, following Moucka’s earlier arrest by Canadian authorities, Wagenius claimed in a post on a prominent cybercrime forum that he had access to the call logs of Vice President Kamala Harris and then-President-elect Donald Trump Trump and threatened to leak all the stolen files unless Muka was released.
Prosecutors accuse the Snowflake hackers of stealing data that includes personal information, cell phone and IMEI numbers, dates of birth, postal and email addresses, passwords, social security numbers, government-issued identification numbers, as well as payment card numbers and bank accounts.
Wagenius was ordered on Jan. 8 to be taken into custody and is believed to be in custody in Washington state.
