follow-up (TJX): Ukrainian jet setter in world's largest cyber heist?

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.theregister.co.uk/2007/08/22/possible_break_in_tjx_investigation/

By Dan Goodin in San Francisco
22nd August 2007

US authorities have taken a keen interest in a recently-arrested Ukrainian 
man after discovering he had ties to the criminal hackers behind the 
colossal data breach at US retail giant TJX. Responsible for more than 
45.6m stolen accounts, the infiltration has understandably landed on the 
top of investigators' to-do list.

Their new-found interest is in Maksym Yastremskiy, who was arrested 
several weeks ago for selling stolen credit card numbers in online forums. 
It turns out a "significant number" of them belonged to customers whose 
credentials were siphoned out of TJX's rather porous network.

"It's a significant point in the investigation," said Doug Bem, a public 
information officer for the US Postal Inspection Service, one of a handful 
of federal agencies probing the TJX breach. "We don't have any information 
that suggests this person was the one who committed the attack on TJX, but 
at some point he did come into possession of the (stolen TJX) card 
accounts."

Bem wouldn't say how many of the stolen credit card numbers in 
Yastremskiy's possession belonged to TJX customers, but he said there were 
"a significant number of accounts that could be traced back to the TJX 
database."

[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml