# U.S. Army Soldier Charged with Extorting AT&T and Verizon After Major Data Breaches
In a noteworthy occurrence within the field of cybersecurity, a 20-year-old soldier from the U.S. Army has been taken into custody on allegations of extorting funds from major telecommunications companies AT&T and Verizon. This arrest comes in the wake of numerous data breaches that have exposed a substantial amount of confidential customer data. The soldier, named Cameron John Wagenius, was captured near Fort Hood, Texas, and is suspected to be the cybercriminal referred to as Kiberphant0m.
## Case Background
Wagenius was arrested on December 20, 2024, after facing indictment on two charges of illicitly transferring private phone records. Although the indictment does not name the victims or elaborate on the hacking actions, investigative documentation connects his arrest to the comprehensive hacks targeting AT&T and Verizon, mainly through statements made by his mother, Alicia Roen. She disclosed that her son had confessed to his connection with Connor Riley Moucka, another hacker apprehended in late October for comparable crimes.
Moucka, known by the pseudonym “Judische,” has been indicted on 20 counts of data theft and extortion aimed at multiple firms, including those using the cloud platform Snowflake. Chat log evidence previously identified Kiberphant0m as a U.S. soldier based in South Korea, indicating a possible collaboration between the two in their cybercrimes.
## The Data Breaches
### AT&T Data Breach
Among the most concerning incidents related to this case is a significant data breach at AT&T, which reportedly jeopardized personal information belonging to nearly all customers of the provider at that time. The compromised data encompassed not just customer phone numbers, but also comprehensive call records, exposing connections between individuals. This breach heightened privacy worries, as the hackers also gained access to cell site identification numbers, capable of pinpointing customer locations with startling precision.
In a bid to limit the repercussions, AT&T allegedly paid a ransom of $373,000 in Bitcoin to the hackers, who had initially sought $1 million. The breach was traced to a third-party cloud service, suspected to be Snowflake, which has been linked to other data violations, including the personal data of 560 million TicketMaster customers.
### Verizon Call Logs
In conjunction with the AT&T incident, Kiberphant0m was also connected to the theft of call logs from Verizon’s push-to-talk (PTT) clients, which mainly comprised U.S. government entities and emergency service personnel. On November 5, Kiberphant0m attempted to sell these stolen call logs and even promoted a “SIM-swapping” service aimed at Verizon PTT customers. This technique involves fraudsters seizing stolen credentials to reroute a victim’s phone calls and messages to a device they control, presenting a serious security threat.
## Legal Actions
The indictment against Wagenius has been moved to the Western District of Washington in Seattle, where subsequent legal actions will unfold. This case brings to light the rising anxiety surrounding cybersecurity and the developing sophistication of cybercriminals, including those with military affiliations.
## Closing Thoughts
The apprehension of Cameron John Wagenius acts as a stark warning about vulnerabilities in our digital frameworks and the potential for individuals within trusted institutions to partake in cybercrime. As the investigation progresses, it emphasizes the necessity for strong cybersecurity measures and vigilance from both companies and consumers to safeguard sensitive data from being compromised. The repercussions of these breaches extend well beyond financial impacts, representing serious threats to privacy and national safety.
