A quick update on the ongoing TJX saga – This is such an important story and frequently referenced. Today’s SCMagazine reports the arrest of Maksym Yastremskiy, a 25 year old man who led the sale of data stolen through the March 2007 hacking of discount retailer TJX. In the report you’ll want to note a few things.
- First, the numbers have changed several times since the first announcement of this crime. Today’s reports cite “more than 45 million credit card and debit card numbers” potentially were exposed. Older reports ranged up to 100 million and a few said it could be as high as 150 million. Somewhat humorous is the restatement of 40 million credit cards later in the same article – so perhaps they just don’t really know. (These numbers are something to keep in mind when referencing the gravity of this story; however, the source is what is important for credibility sake).
- This same person was already sentenced to 30 years imprisonment plus fines of over $23,000 – I guess he wasn’t very smart – this being his second arrest. This follows a similar August 08 article announcing the arrest of 9 others involved in the TJX crime. Note: they cite 41 million cards in that article. At least we have a consistent ballpark – if you were in my Algebra II class we’d cover this in absolute value tolerance functions.
- It has been established that this was in fact a wireless breach. If you have been in a recent Making Money with Security Class®, you’ll remember that one of my students was actually able to access their wireless network (but didn’t), and tried to let them know. His warnings were apparently ignored.
- As a side, you now have one more reason to stay away from Paris Hilton’s website, the latest casualty in bot infested websites – this actually made USA Today while TJX is lost in the SC Security Magazine.