Russian cybercriminal extradited to U.S. in massive data breach case

A Russian citizen plead not guilty Tuesday to 11 charges filed in a New Jersey federal court in what the Justice Department is calling the largest hacking and data breach prosecution ever pursued in the U.S.

Vladimir Drinkman, 34, appeared for the first time in a U.S. court after his arrest in the Netherlands in 2012 stemming from allegations that he participated in a massive, international hacking and data breach scheme that targeted some of the largest payment processor companies, retailers and financial institutions in the world. The attacks succeeded in stealing more than 160 million credit card numbers and is estimated to have caused the victims hundreds of millions of dollars in losses.

U.S. Magistrate Judge James B. Clark ordered Drinkman held without bail and set a trial date for April 27.

According to an indictment unsealed in 2013, Drinkman and four co-conspirators penetrated the networks of major corporations and allegedly took user names and passwords, means of identification, credit and debit card numbers and other corresponding personal identification information of more than 160 million cardholders.


The victims named by the Justice Department include J.C. Penney, NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard.

Drinkman and the others charged in the indictment allegedly gained access to the networks of the companies by exploiting a database vulnerability known as a SQL injection attack. They then allegedly installed back doors on the networks that allowed them to maintain access to the networks for long periods of time, in some cases more than a year. The stolen credit card information was eventually sold on the underground identity theft market for as little as $10 per card number.

“As a result of the scheme, financial institutions, credit card companies and consumers suffered hundreds of millions in losses—including more than $300 million in losses reported by just three of the corporate victims—and immeasurable losses to the identity theft victims in costs associated with stolen identities and false charges,” the Justice Department said in a statement Tuesday.

DOJ worked closely with the Department of Homeland Security and the U.S. Secret Service on the investigation.

“This case demonstrates our commitment to fulfilling an important part of our integrated mission; that of protecting our nation’s critical financial infrastructure,” said Acting Secret Service Director Joseph P. Clancy. “Our success in this investigation and other similar investigations is a credit to our skilled and relentless cyber investigators.”

Dan Verton

Written by Dan Verton

Latest Podcasts