[Dataloss] follow-up (TJX): Ukrainian jet setter in world's largest cyber heist?
security curmudgeon
jericho at attrition.org
Thu Aug 23 15:46:00 UTC 2007
---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>
http://www.theregister.co.uk/2007/08/22/possible_break_in_tjx_investigation/
By Dan Goodin in San Francisco
22nd August 2007
US authorities have taken a keen interest in a recently-arrested Ukrainian
man after discovering he had ties to the criminal hackers behind the
colossal data breach at US retail giant TJX. Responsible for more than
45.6m stolen accounts, the infiltration has understandably landed on the
top of investigators' to-do list.
Their new-found interest is in Maksym Yastremskiy, who was arrested
several weeks ago for selling stolen credit card numbers in online forums.
It turns out a "significant number" of them belonged to customers whose
credentials were siphoned out of TJX's rather porous network.
"It's a significant point in the investigation," said Doug Bem, a public
information officer for the US Postal Inspection Service, one of a handful
of federal agencies probing the TJX breach. "We don't have any information
that suggests this person was the one who committed the attack on TJX, but
at some point he did come into possession of the (stolen TJX) card
accounts."
Bem wouldn't say how many of the stolen credit card numbers in
Yastremskiy's possession belonged to TJX customers, but he said there were
"a significant number of accounts that could be traced back to the TJX
database."
[..]
More information about the Dataloss
mailing list