Arrested Ukrainian Accused Of Being 'Largest Seller' Of Stolen T.J. Maxx Data - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Arrested Ukrainian Accused Of Being 'Largest Seller' Of Stolen T.J. Maxx Data

The man, who was arrested in a Turkish nightclub, was accused of selling stolen credit card information, but is not believed to have stolen it from TJX himself.

A Ukrainian man, who was arrested in a Turkish nightclub, allegedly was selling credit card information stolen during the massive security breach at TJX, the parent company of retailer T.J. Maxx.

Doug Bem, an inspector with the U.S. Postal Inspection Service, told InformationWeek that Maksym Yastremskiy, who is believed to be in his mid-20s, has been taken into custody in Turkey. And "discussions" are under way about extraditing him to the United States.

"He's an individual who a number of federal agencies have had on their radar screen for some time," said Bem. "It appears he is the largest individual seller of card data that traces back to the TJX breach. ... This is a significant opportunity."

Bem added that the authorities don't have any information that leads them to believe Yastremskiy actually broke into the TJX network and stole the information himself. Yastremskiy allegedly was a major reseller.

The theft at TJX, which is also the parent company of retailers like Marshalls and HomeGoods, was reportedly the largest customer data breach on record. Earlier this year, the company announced the loss of more than 45 million credit and debit card numbers that were stolen from its IT systems over an 18-month period. It's considered to be the largest customer data breach on record. Last week, TJX reported in its second-quarter earnings that the company had to absorb a $118 million charge related to the massive security breach. For the second quarter, which ended July 28, the breach cost 25 cents per share -- 10 times more than the 2 cents to 3 cents company executives estimated just three months ago.

In May, the company announced in its first quarterly earnings statement that it took a $12 million hit, or 3 cents per share. TJX earlier had recorded a fourth-quarter charge of about $5 million for similar costs related to the security breach. That means at the end of this last quarter, the breach has already cost the company $135 million.

Because of the breach, TJX was hit this past April with a class-action lawsuit seeking "tens of millions of dollars." The Massachusetts Bankers Association, which represents 207 financial institutions, announced that it filed the suit in federal court in Boston.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll