Canadian authorities have reportedly arrested an individual suspected of orchestrating a large-scale campaign leading to the compromise of Snowflake accounts belonging to 165 organizations.
The campaign came to light in late May, after Snowflake warned that a limited number of customers that did not have their accounts protected with multi-factor authentication were targeted by threat actors.
In June, Mandiant, which was involved in investigating the attacks, revealed that the attackers used credentials compromised in previous information stealer infections to access the improperly protected accounts.
The campaign, attributed to a threat actor tracked as UNC5537, started on April 14 and impacted organizations such as Ticketmaster, Santander Bank, Anheuser-Busch, Allstate, Advance Auto Parts, Mitsubishi, Neiman Marcus, Progressive, AT&T, and State Farm.
The attackers were later said to have demanded ransom payments between $300,000 and $5 million from the victim organizations in exchange for deleting the data stolen from their Snowflake accounts.
On October 30, Canadian authorities arrested Alexander ‘Connor’ Moucka, following a request from the US in relation to the Snowflake campaign, according to reports from Bloomberg and 404 Media. He is scheduled to appear in court on Tuesday.
The Canadian authorities did not share information on Moucka’s arrest or his potential extradition, but people familiar with the matter reportedly confirmed that he was responsible for the Snowflake hacks. Moucka was reportedly known online as Judische and Waifu.
In May, Judische boasted on Telegram about hacking several known Snowflake victims just before the hacks were publicly confirmed, investigative journalist Brian Krebs reported in September, noting that Waifu was one of the most successful SIM swappers known on underground forums.
Krebs also noted in September that Judische is a 26-year-old software engineer from Ontario, Canada.
Another individual believed to have been involved in the Snowflake hacks, namely John Erin Binns, was arrested in Turkey. Binns was indicted in the US for the 2021 T-Mobile data breach.