I realize we do this every fucking week, because the average CEO doesn't give a shit about Cybersecurity.
But even in that context, this one is a serious fuck-up with some very real consequences for some folks.
"threat actors" who just happen to be interested in people's personal call records and ongoing police investigations...whoever this might be, they're not just looking for a quick buck - or at least their buyer isn't.
Edit: seems many victims are "individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders" and then a bit about going after records on ~~burner~~ prepaid phones...
I'm trying hard not to jump directly to spy novel conclusions, but I'll just leave it at - this isn't what successful operational security looks like.