A man involved in a significant data breach affecting several major international corporations has been apprehended in Kitchener, Ontario. Connor Moucka, also known as Alexander Moucka, was recently residing in the Stanley Park neighborhood of the city.
The 25-year-old was arrested in October amidst ongoing investigations and is now facing extradition to the United States. According to court documents, Moucka and his co-defendant, John Erin Binns, who is believed to be residing in Türkiye, are implicated in a series of sophisticated international cyber crimes.
The U.S. court indictment accuses Moucka and Binns of orchestrating “international computer hacking and wire fraud schemes.” The pair allegedly compromised the protected computer networks of at least ten victim organizations, stealing sensitive data and threatening to leak it unless ransoms were paid. They reportedly succeeded in extorting approximately $2.5 million from at least three entities that acquiesced to their demands, subsequently offering the stolen data for sale online.
Moucka is facing multiple charges, including conspiracy, computer fraud and abuse, extortion related to computer fraud, as well as wire fraud and aggravated identity theft. While the court documents do not explicitly name the affected companies, cybersecurity experts suggest the details closely align with a well-publicized hacking incident earlier this year involving Snowflake, a cloud-based data storage provider headquartered in the United States.
David Jao, chief cryptographer at evolutionQ and a professor at the University of Waterloo, explained that the breach stemmed from a third-party vendor responsible for managing data on Snowflake. The hackers obtained numerous usernames and, in some cases, passwords from this vendor, which allowed them to infiltrate the primary accounts of larger organizations.
Among those impacted by the Snowflake breach were notable companies such as AT&T, Live Nation, Ticketmaster, and Advance Auto Parts. Jao characterized this event as one of the most significant cybersecurity breaches in history, highlighting the gravity of the implications for affected businesses.
Court filings identified one victim as a prominent telecommunications firm that suffered the theft of approximately 50 billion customer call and text records. Other victims are characterized as major players in the retail, entertainment, and healthcare sectors.
Documents prepared by the Royal Canadian Mounted Police (RCMP) prior to Moucka’s arrest reflected the seriousness of the allegations, signaling concerns about his potential flight risk. They noted that as of October 2024, Moucka allegedly continued his hacking activities, attempting to extort one of the victims again.
Moreover, the RCMP affidavit portrayed Moucka as a risk not only to the public but also to law enforcement. Disturbing online messages attributed to him included expressions of violent intent, further escalating concerns regarding his profile as a suspect in this case.
Moucka was arrested on October 30 and appeared in court later that day; he has another hearing scheduled for November 29. The case remains active, and no guilt has been established. Jao further emphasized that while two alleged masterminds have been identified, the investigation is ongoing, indicating that other criminals associated with this breach remain at large.