U.S. Army Soldier Indicted in Hack Targeting Trump and Harris Call Records

A U.S. Army soldier has been indicted for allegedly selling phone records of President-elect Donald Trump and Vice President Kamala Harris after a 2024 data breach.

The soldier was found to have transferred confidential phone records following an investigation into a May 2024 breach targeting a third-party cloud storage provider. The incident, which involved unauthorized access to Snowflake-hosted accounts, reportedly compromised call records for President-elect Donald Trump and Vice President Kamala Harris.

The breach, which occurred on May 23, 2024, exploited vulnerabilities in single-factor authentication used by some Snowflake accounts. Cybersecurity experts identified it as a targeted campaign aimed at extracting sensitive information. Cameron John Wagenius, an Army communications specialist stationed at Fort Cavazos, Texas, at the time of his arrest, has been accused of operating under the alias "Kiberphant0m" on dark web forums.

Wagenius allegedly posted unverified AT&T call logs purportedly linked to Trump and Harris on BreachForums, offering the stolen data for sale. In a grand jury indictment filed in Seattle, he was charged with two felony counts of selling confidential phone records without authorization.

The indictment stated that on or about November 6, 2024, Wagenius knowingly transferred call record data obtained fraudulently, in violation of U.S. federal law. While the document provided limited details, the allegations link Wagenius to hacking activities against multiple telecommunications firms.

The breach was initially investigated by cybersecurity experts, including Allison Nixon of Unit 221B, who faced threats and harassment while tracking "Kiberphant0m." Nixon emphasized the risks of criminal behavior in cyberspace, especially targeting high-profile individuals. “It’s a bad idea to anonymously extort anyone, let alone the President and Vice President,” she said.

This arrest is part of a broader effort to combat cybercrimes targeting prominent individuals and organizations. In September, the U.S. Department of Justice charged members of Iran’s Islamic Revolutionary Guard Corps (IRGC) for allegedly hacking Trump campaign staffers and leaking sensitive information. These incidents highlight vulnerabilities in both private and public sectors concerning cybersecurity.

Wagenius was apprehended near Fort Cavazos on December 20, 2024, and is expected to be extradited to Seattle, where the case will proceed. The Army has stated its cooperation with law enforcement agencies, but details regarding Wagenius’s military role and its potential link to the alleged crimes remain unclear.

The case underscores significant concerns about the security of sensitive data stored on cloud platforms and the risks of single-factor authentication. Snowflake, the cloud service implicated, has not released additional details but confirmed the breach targeted accounts using weaker authentication methods.

This incident serves as a stark reminder of the importance of robust cybersecurity measures in protecting both private and national security interests.