Vladislav Anatolievich Horohorin, 27, aka BadB, was one of the top sellers of stolen bank card data has been arrested in France, and faces extradition to the United States on an indictment unsealed Wednesday in Washington, D.C. According to Wired Threat Level, he was one of the earliest members of CarderPlanet, a first of its kind Russian-language carding forum that was launched around 2002 by a group of East Europeans. CarderPlanet was shuttered in 2004, and BadB had more recently been selling his stolen goods at carder.su and on his own websites, dumps.name and badb.biz.

He promoted his talents via this entertaining Flash cartoon video:

Horohorin is currently being held in France pending extradition to the U.S. The word is that he faces a maximum sentence of 10 years in prison and a $250,000 fine if convicted on the access device fraud charge, and an additional 2 years in prison and a fine of up to $250,000 if convicted of the identity theft charge. Hmmm…those charges seem pretty light to us.

The company also stated in an official news release that it “firmly believes it did not violate any consumer protection or data security laws.” However, California Attorney General Jerry Brown had a different POV and cited the company’s 2004 internal audit, which found security vulnerabilities. Here’s what he had to say: “TJX ignored flaws in its credit card database, until hackers broke into it, gaining access to the personal information of almost 50 million people. This agreement requires the company to carefully test its security systems and upgrade them to the highest contemporary standards.”

So, what’s the moral of this story?? Always be prepared, stay one-step ahead of the bad guys and have the right breach plan in place.