Police in Turkey have arrested a man allegedly trying to sell data hacked and stolen during the now infamous theft of customer records from US retailer TJX.

Maksym Yastremskiy, a Ukrainian national, was tracked to the unlikely spot of a Turkish nightclub, where he was taken into custody. His use of the robbed data is believed to be on a significant scale - most likely as a reseller - and there is no suggestion yet that he was directly involved in the theft.

It is not clear whether the US will be able to extradite the man back to the US to stand trial, but the assumption is that the authorities will look to do this if possible.

The TJX breach compromised the customer records of 45.7 million people, and is believed to have happened through the hacking of open wireless routers at subsidiaries of the company.

In recent months, TJX has made a number of estimates as to the financial implications of what is currently ranked as the largest data theft ever uncovered. Previous estimates have amounted to around $12 million a quarter, but this week the company revised this upwards to at least $118 million in total.

More pessimistic estimates have come from third-party security companies. Protegrity put the sum as being as high as a terrifying $1.6 billion, while another, Secerno, reckoned it might hit over $2 billion, calculations which include indirect – restoration of reputation for instance - as well as direct costs resulting from the hack.