
Hackers Mined AT&T Breach for Data on Trump’s Family, Kamala Harris

The hackers behind the massive breach of AT&T data last year hunted through the data for phone numbers and records associated with top officials and their families, including members of the Trump family such as Melania and Ivanka Trump; Kamala Harris; and Marco Rubio’s wife, people familiar with the matter told 404 Media.

The news further stresses the catastrophic nature of the breach, which impacted “nearly all” of AT&T’s customers’ call and text metadata during a certain timeframe. The breach not only impacted the general U.S. public, but also presented a significant national security risk. People familiar with the incident told 404 Media the hackers also planned to release a lookup tool that would have let anyone search the records for a fee, and said that the number of breached records is larger than previously reported. 404 Media granted multiple sources in this story anonymity because they were not authorized to speak to the press. 

The news of lawmakers’ and top officials’ families being targeted also comes as the FCC, the agency which would potentially fine AT&T for the breach, is now being led by Brendan Carr, who has historically been very friendly to the country’s telecommunications giants. 

“It is clearer than ever that AT&T’s lax cybersecurity and Trump’s ineffective, corrupt FCC pose a serious threat to U.S. national security,” Senator Ron Wyden told 404 Media in a statement. “Instead of throwing the book at AT&T for failing to secure Americans’ sensitive data, FCC Chairman Carr is coddling Trump’s corporate donors and raising the white flag to hackers. It’s time for the public and the U.S. government to stop relying on the insecure voice and text message services provided by phone companies, which are beyond salvaging, and embrace secure, end-to-end encrypted voice, video and text communications.”

Do you know anything else about the AT&T breach? I would love to hear from you. Using a non-work device, you can message me securely on Signal at +44 20 8133 5190. Otherwise, send me an email at joseph@404media.co.

In April 2024, hackers broke into an AT&T instance of Snowflake, a data warehousing tool that companies often use to store massive amounts of information, which contained the sensitive data. The stolen AT&T data itself did not contain names—it showed what phone numbers AT&T customers had called or texted between May 2022 and October 2022—but the hackers enriched the data with publicly available tools or data that appended the phone number owner’s name to the list. 

Around this time, the hackers sent AT&T the phone number of Rubio’s wife as part of their extortion campaign, two of the people familiar with the incident said. 

Later, one of the hackers sent AT&T phone records associated with members of the Trump family and Kamala Harris, three of the people familiar said. One of the people said that the Harris number was one on her account, and not one she was using. One person said the hackers specifically targeted Melania Trump, Jared Kushner, Ivanka Trump, and Tiffany Trump. A second source corroborated that the hackers targeted Trump’s wife and children.

The Department of State, where Rubio is now the head, did not respond to a request for comment. The White House acknowledged a request for comment but did not provide a statement in time for publication. Harris’ office did not respond.

The two hackers responsible for the AT&T breach are allegedly Connor Riley Moucka from Canada, and John Binns, an American hacker living in Turkey. Both associate with the Com, an overarching term for a community that includes hackers, fraudsters, gamers, violent criminals, and girls who are groomed by other participants. Participants often use physical violence against one another or members of the public, such as shootings, brickings, and robberies. Moucka, who allegedly used the handles Judische and Waifu, for example, regularly posted in Com-associated Telegram groups. The indictment against the pair says they stole 50 billion customer call and text records. Two people familiar with the incident said the number is actually at least 60 billion.

That stolen data also included records related to FirstNet, the AT&T-powered first responder communications network, two of the people said.

Binns was arrested in Turkey in May 2024. Moucka is currently in the process of being extradited to the United States after he was arrested in November.

After Moucka’s arrest, another hacker called Cyberphantom (or Kiberphant0m), who had advertised stolen telecommunications data, posted what they claimed were AT&T records for Trump and Harris on a hacking forum. 404 Media did not report on that disclosure at the time because the phone numbers were not verified. Now the people familiar with the incident say that the hackers did have phone records associated with U.S. officials and their families, and sent them to AT&T earlier than that public posting. Authorities arrested Cameron John Wagenius in December for allegedly attempting to sell phone records of a covered entity, Krebs on Security reported.

The breach continues to raise serious questions for AT&T, including why such a significant mountain of data was left essentially unprotected. The hackers originally gained access by using compromised credentials, likely purchased from one of the many feeds of stolen logins available online. The Snowflake instance did not have multi-factor authentication enabled.

AT&T acknowledged a request for comment but did not provide a statement in time for publication. 

Bloomberg previously reported the FBI has warned agents the data could impact the security of their confidential sources.

On its website, the FCC has a page called “Items on Circulation,” which lists the proposals FCC Commissioners vote on. As recently as Thursday these included items about wireless emergency alerts; improving competitive broadband access; and implementing federal floodplain policy changes. They also included an “Enforcement Bureau Action.” The FCC’s Enforcement Bureau investigates companies and issues fines. As of Friday, all of the items on circulation had been wiped from the website. “There are no Items on Circulation (01/24/25)” the website says.

It is public knowledge that the FCC had been investigating the AT&T breach. The FCC did not respond to a request for comment asking if it has dropped its investigation into the AT&T incident.

Last week Carr’s FCC reinstated complaints against ABC, CBS, and NBC, which the previous FCC Chair Jessica Rosenworcel said “seek to weaponize the licensing authority of the FCC in a way that is fundamentally at odds with the First Amendment.”  
