
Roman Seleznev


Roman Valerevich Seleznev (or Seleznyov, Russian: Роман Валерьевич Селезнёв; born July 23, 1984), also known by his hacker name Track2, is a Russian computer hacker. Seleznev was indicted in the United States in 2011, and was convicted of hacking into servers to steal credit-card data. His activities are estimated to have caused more than US$169 million in damages to businesses and financial institutions. Seleznev was arrested on July 5, 2014, while vacationing in the Maldives, and was sentenced to 27 years in prison for wire fraud, intentional damage to a protected computer, and identity theft. He served only ten years of that sentence before taking part in the 2024 Ankara prisoner exchange, which involved 26 people in total, including himself.

Seleznev is the son of Valery Seleznev, a member of Russia's Duma.

He began his activities in early 2003 on the credit card fraud site CarderPlanet, providing paid Social Security numbers and criminal-history research using (among others) stolen LexisNexis accurint.com accounts. Seleznev's employee later created a scanner which allowed a user to scan the internet for open MSRDP ports (3389 by default). Default configurations provided poor protection at the time, and many administrator accounts were not secured by passwords. Exploiting this weakness, Seleznev and his partner accessed many remote computers, including those with financial and credit-card data.

He contacted BadB, another hacker, to gain more experience in exploiting financial systems. BadB, a cybercriminal identified in 2009 as Vladislav Horohorin, provided Seleznev with an automated script to look for credit card traces in systems and networks. With this script, Seleznev obtained his first credit-card dumps, which he resold to Horohorin. He became dissatisfied with Horohorin, and decided to begin his own credit-card-dump operation using the nickname nCuX (from Russian: псих, "psycho").

Seleznev expanded his operations in 2008 from scanning MSRDP with default (or no) passwords to developing sophisticated malware which could intercept network traffic and search network shares, distributing it through flaws in web browsers by injecting malicious code into advertising traffic. He infected many computers, primarily in the United States.

By May 2009, the U.S. Secret Service (USSS) believed it had collected enough information to conclude that nCuX was probably Roman Seleznev. USSS agents met with the Russian intelligence agency FSB and shared information from their investigation, including their belief that nCuX was Seleznev. Shortly after this meeting, in June 2009, nCuX closed all of his accounts and disappeared from the Internet; USSS suspected the FSB had tipped Seleznev off.

After shutting down nCuX, Seleznev created two other names (Track2 and Bulba) and used them to operate his own automated stolen-credit-card shops. He bought advertising space in the "Dumps" section of the illegal carding forum carder.su, which was shut down in a 2012 Department of Homeland Security operation. Horohorin's advertising campaign on carder.su was also shut down, and a denial-of-service attack ensued. Horohorin was arrested by USSS in August 2010, leaving Seleznev without competition.

During a vacation in Morocco, Seleznev received a severe head injury in the 2011 Marrakesh bombing and was evacuated to Moscow for surgery.
