A Ukrainian man recently arrested in Turkey is suspected of selling some of the credit and debit card numbers harvested when fraudsters hacked the computer systems at US retailer TJX earlier this year.
Authorities investigating the TJX hacking hope the arrest of Maksym Yastremskiy in the Turkish city of Kemer, will help track down the fraudsters, according to a report by The Boston Globe.
Greg Crabb, an agent with the US Postal Inspection Service's global investigations unit, told reporters that information from Turkish police holding Yastremskiy, along with information from credit card issuers, indicates that he is a major trafficker in stolen information, including data stolen in the TJX hacking.
Crabb says Yastremskiy allegedly sold card numbers through online forums hosted outside the US.
But while Yastremskiy is thought to have sold on the data, Crabb says other individuals were the masterminds of the hacking.
Banks across the US were forced to re-issue cards after fraudsters managed to steal more than 45.7 million credit and debit card numbers over a period of more than 18 months by hacking into TJX's internal computer network.
The retailer revealed on 17 January that the computer system it uses to process and store information related to customer transactions had been hacked, potentially exposing millions of customers' credit and debit card numbers, as well as driver's licence information.
Hackers placed unauthorised software on TJX's computer network and stole at least 100 files containing data on millions of accounts from systems in Framingham, Massachusetts and Watford in the UK. These systems are used to process and store transaction information.
The TJX hacking is thought to be the biggest breach of personal data ever.