Ukrainian Arrested In India For TJX Data Theft

ComputerWorld reports "A Ukrainian national has been arrested in India in connection with the most notorious hacking incident in US history." "Sergey Valeryevich Storchark was one of 11 men charged in August 2008 with hacking into nine US retailers and selling tens of millions of credit card numbers. He was arrested in India earlier this week, according to a spokesman with India's Central Bureau of Investigation (CBI). In a statement, the CBI said they'd arrested Storchark in New Delhi on the night of May 8, as he deplaned from a flight from Goa, for layover before a flight to Turkey. US authorities had asked for his extradition via diplomatic channels. ... 'His extradition and prosecution would have been very unlikely had he reached his final destination of Ukraine,' the CBI said."

Re:Belongs in Prison

[Shakrai]

These scum bags belong in prison for life.

Are you referring to the scumbag identity thieves or the scumbags in the financial sector that decided that someone entering a DOB and SSN on a website would be enough "verification" of identity to allow someone to open credit accounts?

I know someone who applied for and received a $25,000 line of credit from Citi online with no actual verification of who he was. His credit card arrived in the mail a few days later. He had recently moved and his new address wasn't even on his credit report yet. You'd think the fact that the card was going to a previously unknown address would be enough to set off a red flag but it didn't. All he did was apply online using information that any idiot who was willing to dumpster diving could have retrieved.

Re:shoot him

[Locke2005]

Don't shoot them. Just release all their personal details to everyone whose information they stole. Probably at least one of the victims is unstable enough to track the bastard down and exact revenge for the whole group of victims... especially true if we're talking about millions of victims.

I had an incident where somebody ordered an item with my wife's credit card and had it shipped to another address. When we complained that this transaction was not authorized, they took it off my wife's account, but refused to disclose the address the item had been shipped to, citing "privacy" concerns. Hold on -- people are allowed to commit fraud but still retain their "right" to privacy?!? If it's my account, I have a right to disclosure of full details on every transaction! Again, provide full disclosure, and eventually the criminals will attempt to screw over the wrong person -- which is win-win for the rest of us.

Re:shoot him

[Anonymous Coward]

Again, provide full disclosure, and eventually the criminals will attempt to screw over the wrong person -- which is win-win for the rest of us.

The problem with that is that in North America, the company might get sued for criminal negligence if they gave out that info and a vigilante took the law into their own hands and went a little too far with their street justice. The truth is that vigilantism is still taboo here, and with good reason, so these companies have due-diligence policies that they only release said information to the authorities if said authorities choose to proceed with a legal investigation. The fact is that you neither own the credit card number nor the account on the company's server, so you have no legal right to the information. If you have a problem with that, don't use the service.

Yes, it sucks that the credit card companies typically choose to write off small amounts of fraud because the police won't investigate small claims, but as long as the debt is theirs, it's their right. What really needs to be rectified is the credit bureaus that treat easily obtainable information as sufficient to establish an identity and leave the onus on the consumer to rectify errors in their database. We need to put the financial onus on them to maintain correct information in their DB, much like the onus on credit fraud is on the banks/creditors.

Re:shoot him

[blair1q]

Report the fraud to the police. They will ask a judge, nicely, to look into the "private" data, and then they will arrest, try, convict, and punish the perpetrator.

That is, if it's above the baseline for their enforcement budget for the year, and they don't have something serious to deal with.

But you can only do that if it's still costing you money.

Once the credit-card company comped your account, you no longer had a case, but they did, so it's their concern, not yours.

But watch all your other financial accounts; if your identity really was stolen, and it's not just a case of someone having your credit card number and using it on a website that doesn't actually check any identification, then you might see people opening bank accounts, applying for loans, starting businesses, etc. under your name.

Re:Belongs in Prison

[EdIII]

I have a big problem with that. Prison for life is not only very costly, but you would be surprised what just 10 years is like in prison.

On another note, why does he get to go to prison for life, but all those wonderful human beings that:

- Set up securitized mortgages and played fast and loose with mortgage notes.
- Bypassed the court systems by creating non-judicial foreclosures where you could not even complain it was the wrong company or they could not produce the note
- Stole billions, still not a widely known fact, by selling the *same* mortgage 2, 3, or 4 times in different securitized packages causing multiple companies to come after you at the same time making it difficult to even determine the appropriate part to sue, let alone pay.

Yeah. Those identity thieves need to be put in prison for life at our expense, but Wall Street douchebags get bailed out with our taxes and allowed to enjoy their freedoms.

Let the bullshit continue and rich investors clean up by stealing all the property and land in the last couple of years at pennies on the dollars, FUNDED BY US!!!!

"identity" "theft"

[FuckingNickName]

Your identity is never stolen. It's as much a misnomer as "piracy".

What usually happens is that private corporations penalise you because they've put you in some set of lame risk databases they use, and it turns out that your entries were filled against your favour as a result of the actions of someone else.

It's your own (plural, every one of you) fault for putting so much trust and reliance on the convenience of the good ol' entry in a database by which your life is made or broken.