News

Ukrainian May Have Ties to TJX Theft

A Ukrainian man recently arrested in Turkey is suspected of selling some of the credit and debit card numbers stolen in a data hack of at least 45 million cards of TJX Cos. retail customers, a U.S. investigator said Tuesday.

TJX is the owner of 2,500 discount retail stores worldwide including T.J. Maxx and Marshalls.

Authorities hope the arrest of Maksym Yastremskiy, suspected of being a major international trafficker in stolen data, will eventually lead to information uncovering the TJX intruders' identities.

"He was involved in the distribution of information," Greg Crabb, an agent with the U.S. Postal Inspection Service's global investigations unit, told The Associated Press. "We do have information that suggests other individuals were the masterminds of the hack."

U.S. investigators' interest in Yastremskiy in connection with the TJX case was first reported Tuesday in The Boston Globe. The 24-year-old was arrested weeks ago in the Turkish resort city of Kemer.

Yastremskiy's capture follows the arrests in Florida of 10 people accused of using stolen TJX customer data to buy Wal-Mart gift cards, though they also aren't believed to be the TJX hackers. Several have entered guilty pleas in recent months.

Crabb said information from Turkish officials holding Yastremskiy indicates he was a major trafficker in stolen data from sources including TJX.

"At one particular instance, he had solicited the sale of over a million credit card numbers," Crabb said. "To be able to gain access to that much data, you've got to have a good source."

Crabb said information from credit card issuers pointed to Yastremskiy as the source of illegally trafficked data stolen in the TJX case. Card numbers were allegedly trafficked online and internationally, as is common in identity theft cases that frequently stretch across the globe and often involve Eastern Europe.

TJX disclosed the breach on Jan. 17, and said March 28 that one or more intruders unearthed data from at least 45.7 million credit and debit cards from transactions as long ago as early 2003.

Independent organizations that track data thefts say the TJX case is believed to be the largest in the United States based on the number of customer records compromised.

TJX says about three-quarters of the 45.7 million cards had either expired by the time of the theft, or the stolen information didn't include security code data from the cards' magnetic stripes. However, TJX also has said the intruders could have tapped the unencrypted flow of information to card issuers as customers checked out with their credit cards.

Officials from the U.S. Secret Service and Department of Justice, which also are investigating the TJX case, declined to comment Tuesday, as did a spokeswoman for Framingham, Mass.-based TJX.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.