A U.S. Army soldier has been arrested and charged in connection with a scheme to sell stolen phone records, according to an indictment released by authorities. The soldier is alleged to be linked to a series of high-profile data breaches.


Cameron John Wagenius, 20, is accused of knowingly selling confidential phone records through online forums and other communication platforms. The indictment states these sales occurred as early as last November, though specific details about the compromised data have not been released publicly.

Investigations by cybersecurity experts have revealed a potential connection between Wagenius and the online alias "Kiberphant0m". This user claimed to have hacked multiple telecom firms and worked with individuals involved in the Snowflake data breaches.

Notably, Kiberphant0m allegedly posted call logs purported to be from former President Donald Trump and Vice President Kamala Harris in November. Although the authenticity of this data remains unverified, these events coincide with a reported data theft affecting customers at telecommunications company AT&T, potentially stemming from the Snowflake breach.

Furthermore, the suspect is alleged to have sold "remote access credentials for a major U.S. defense contractor" in 2023, based on findings by KrebsOnSecurity, a cybersecurity publication. The same source has indicated that Wagenius was stationed at an Army base in South Korea, managing communication operations.

Following the alleged leak of Trump and Harris’s data, KrebsOnSecurity conducted an analysis of Kiberphant0m’s digital communications, which led them to suspect the individual was a US soldier. The publication's latest report also includes an interview with Wagenius’s mother, who confirmed her son's link to the alleged hacker.

The investigation also involved cybersecurity experts who faced harassment while attempting to trace Kiberphant0m’s identity. Allison Nixon, lead researcher at Unit 221B, stated, “Anonymously extorting the President and VP as a member of the military is a bad idea, but it’s an even worse idea to harass people who specialize in de-anonymizing cybercriminals.”