According to TechCrunch, the U.S. government has charged Connor Moucka and John Binns with hacking into AT&T's systems, resulting in the theft of approximately 50 billion customer call and text records. In July, AT&T disclosed that hackers had accessed the phone records of nearly all its cellular and landline customers, including details of who contacted whom, but not the content of the messages. AT&T planned to notify around 110 million customers about the breach, which involved data stored on Snowflake, a cloud service provider for data analysis. The Department of Justice's indictment, filed on Sunday, revealed the extent of the stolen records, although it did not explicitly name AT&T, referring instead to "Victim-2," a major U.S. telecommunications company breached around April 14. This aligns with AT&T's previous confirmation of a breach discovered on April 19, suggesting that "Victim-2" is likely AT&T. Neither AT&T nor DOJ spokesperson Emily Langlie provided comments on the matter.

The indictment details how Moucka and Binns accessed billions of sensitive customer records and extorted at least three victims for a total of 36 bitcoin, valued at approximately $2.5 million at the time of payment, over nearly a year from November 2023 to October 10 of this year. Moucka, residing in Canada, used online aliases such as "judische," "catist," "waif," and "cllyels," while Binns, based in Turkey, was known as "irdev" and "j_irdev1337." Moucka was arrested in Canada last week, and Binns had been previously detained in Turkey. In August, Binns claimed responsibility for the AT&T breach in an interview with The Wall Street Journal. Moucka, under the alias "Judische," expressed to 404 Media his anticipation of being arrested soon.

AT&T is among several victims whose sensitive data was compromised from their Snowflake instances. Other affected companies include Santander Bank, Ticketmaster, and approximately 165 corporate customers. Prosecutors allege that the hackers stole vast amounts of sensitive personal and corporate data, such as social security numbers, driver's license numbers, passport numbers, and banking information, making these breaches some of the most severe cyberattacks of the year. In some instances, the hackers demanded ransom, threatening to leak the stolen information, and occasionally followed through on these threats. Wired reported that AT&T paid a hacker $370,000 in an attempt to have the stolen records deleted. The indictment confirms that "Victim-2" paid a ransom to the hackers. This article has been updated to reflect the DOJ's decision not to comment.