Gregory Kopiloff was arrested in Seattle, Washington, accused of using the Limewire and Soulseek P2P networks to commit identity theft.
Kopiloff was arrested last week on charges of mail fraud, accessing a protected computer without authorisation and two counts of aggravated identity theft. If convicted, he faces up to 29 years in prison.
Geoff Sweeney, chief technical officer of behavioural analysis software firm Tier-3, said, "Kopiloff's case acts as a stark warning to peer-to-peer file sharers, as he is alleged to have remotely scoured users' systems to look for income tax returns, student financial-aid applications and credit reports.
"The fact that he appears to be have been able to cherry-pick only those people earning more than £75,000 suggests he had a wealth of user files to choose from."
File-sharing client software is frequently updated, and during the update process it is relatively easy to accidentally allow access to a PC's entire contents or an organisation's entire data network, rather than just a few directories.