Introduction to the Case

Cameron John Wagenius, a former US Army soldier, has pleaded guilty to his involvement in a significant hack that impacted major telecommunications companies AT&T and Verizon. This hack resulted in the theft of data from over 100 million customers, as reported by TechCrunch. Wagenius, aged 20 and stationed in Texas, admitted to two counts of "unlawful transfer of confidential phone records information." He faces a potential fine of up to $250,000 and up to 10 years in prison for each charge.

The Hack and Its Impact

Wagenius was taken into custody last year following an indictment for his alleged role in the hack of AT&T and Verizon. AT&T disclosed that the breach allowed the hacker to access nearly all of its customers’ phone records, including call and text histories, over a six-month period in 2022. More than 110 million customers were notified of the breach due to the impact on their data. Similarly, Verizon reported a significant theft of customer call logs.

Connection to Snowflake

Both hacks involving Wagenius are believed to be linked to Snowflake, a cloud services and data analytics provider. It is thought that Wagenius and his accomplices accessed data from AT&T, Verizon, and over 160 other companies, including Ticketmaster and LendingTree, through unprotected accounts with access to Snowflake customer accounts. Prosecutors allege that the hackers obtained everything from social security numbers and driver’s license numbers to passport details and banking information.

Additional Indictments and Extortion

Two other individuals, Connor Moucka and John Binns, have also been indicted in connection with the Snowflake hack. According to the Justice Department, they stole "billions of sensitive customer records" and extorted three victims, who paid at least 36 bitcoin (valued at $2.5 million at the time) to the hackers. Their extortion campaign lasted from November 2023 to October 2024, until they were charged and arrested.

Public Statements by Hackers

Moucka, based in Canada, openly discussed his role in the hack with 404 Media before his arrest, believing law enforcement was after him. Binns, an American living in Turkey, also took credit for the AT&T breach in an interview with the Wall Street Journal. In contrast, Wagenius was less forthcoming but was identified by investigators like Brian Krebs through his forum posts and online activity.

Conclusion

The case highlights significant vulnerabilities in data protection and the consequences of such breaches for individuals and companies. The guilty plea by Wagenius and the indictments of Moucka and Binns underscore the importance of cybersecurity and the legal repercussions for those involved in hacking and extortion activities.