Damon Patrick Toey last week became the first person to plead guilty to helping to steal more than 40 million identities and account details in the world's biggest criminal computer hack.
US attorneys charged Toey and 10 others on 5 August with conspiracy, computer intrusion, fraud and identity theft.
They face charges of hacking into nine large US retailers, including TJX and its UK subsidiary, TKMaxx, to steal and resell more thn 40 million credit and debit card numbers. It is the largest hacking and identity theft case prosecuted so far by the Department of Justice.
Three defendants were US citizens, one was from Estonia, three from Ukraine, two from the People's Republic of China and one from Belarus. One was known only by an online alias.
The alleged leader, Albert "Segvec" Gonzalez, is believed to be a former secret service informer. Gonzales has pleaded not guilty to charges related to the TJX hack.
The defendants are accused of "wardriving" or hacking into retailers' wireless networks to copy sales transaction details. The alleged offences took place between 2003 and 2008.
Lawyers said Toey worked with Gonzales to attack computer networks, often using SQL injection attacks to find flaws in retailers' networks. He used these flaws to gain access to track 2 data (from the magnetic stripe on the back of payment cards), accounts and files before copying them and selling them to criminal third parties inside and outside the US.
If convicted, Toey faces the confiscation of three Sony Vaio laptops, an Xbox and an iPad Nano, as well as data storage units and $9,500 in cash.
The theft, which went undetected for nearly five years, allowed the thieves to withdraw "tens of thousands of dollars" at a time from foreign ATM machines. It cost TJX and other retailers millions in compensation and administration costs.