A man accused in a massive data breach, impacting several large international companies, has been located in Kitchener, Ont.
Connor Moucka, also known as Alexander Moucka, was until recently living at a home in the city’s Stanley Park neighbourhood.
The 25-year-old was arrested in October and is now facing an U.S. extradition request.
Court documents detailed the allegations made against Moucka and his co-accused, John Erin Binns, who is believed to be living in Türkiye.
The U.S. court indictment stated Moucka and Binns “devised and executed international computer hacking and wire fraud schemes to hack into at least 10 victim organizations’ protected computer networks, steal sensitive information, threaten to leak the stolen data unless the victims paid ransoms, and offer to sell online, and sell, the stolen data.”
It also alleged they successfully extorted about $2.5 million from at least three of the victims who paid the ransoms and then posted offers online to sell the stolen data for millions of dollars.
Moucka is facing charges of conspiracy, computer fraud and abuse, extortion in relation to computer fraud, wire fraud and aggravated identity theft.
While no companies were named in the court documents, experts agree the details match a hack that happened earlier this year at Snowflake, a cloud-based data storage company based in the U.S.
“One of the third parties that companies pay to manage their data on Snowflake was compromised,” explained David Jao, chief cryptographer at evolutionQ, a University of Waterloo professor and a member of the Cybersecurity and Privacy Institute. “Through them, the hackers got a bunch of usernames and, in some cases passwords, and they used those usernames and passwords to get into the main accounts of these bigger companies.”
AT&T, Live Nation, Ticketmaster and Advance Auto Parts were among the companies that admitted they were affected by the Snowflake hack.
“It is certainly one of the biggest cybersecurity breaches that we’ve had in history,” Jao told CTV News.
The court documents identified one victim as a major telecommunications company in the U.S., which had about 50 billion customer call and text records stolen.
Other victims are described as a major retailer, a major entertainment company and a major healthcare company.
Documents prepared by the RCMP ahead of Moucka’s arrest outlined the seriousness of the allegations and their concerns he was a serious flight risk. They also noted that as of October 2024, Moucka continued to hack and had attempted to re-extort one of the victims.
The RCMP affidavit described Moucka as a danger to the public, to police and to himself, quoting online messages from one of his accounts that said: “I think I’d make a really good serial killer,” “I think I want to do suicide by cop,” and “I need guns to kill Canadians.”
According to the Department of Justice Canada, Moucka was arrested on Oct. 30 and appeared in court later that same day. He had another court appearance in November, where he indicated he was still waiting for a decision on legal aid.
Moucka is scheduled to be back in court on Nov. 29.
The case remains before the courts and nothing has been proven at this time.
Jao said that, while it appears the two alleged masterminds have been identified, the work continues for investigators.
“The case is not over, there are still other criminals that are out there that have not been caught yet.”