Reports say 21-year-old Jacob Vincent Green-Bressler was not involved in actually stealing and selling identities, but used the information he bought from hackers to defraud thousands of US bank customers.
Green-Bressler was convicted of soliciting information, including credit and debit card account numbers, personal identification numbers, expiration dates, passwords and Social Security numbers.
Using this data, he was able to create counterfeit credit cards, which were then used to fraudulently withdraw money from cash machines in Arizona.
About half of this stolen money would then be transferred back overseas to the cyber-criminals who supplied the original information.
At the height of the scam, it is estimated that Green-Bressler held more than 4,500 illegal credit and debit card account numbers and PINs, and that more than £150,000 was wired overseas.
"While good headway has been made in clamping down on the hackers that sell stolen identities online, more action needs to be taken to stop the criminals that buy and use this information," said Graham Cluley, senior technology consultant at internet security software firm Sophos.