Albert Gonzalez blamed "curiosity and addiction" for his crimes
Computer hacker Albert Gonzalez has been jailed for 20 years in the US for his part in stealing the details of more than 130m credit and debit cards.
One judge described the crime as "the largest and most costly example of computer hacking in US history".
The 28-year-old pleaded guilty to three cases of fraud at his trial last year.
Gonzalez was sentenced to 20 years for the first two cases on Thursday, and 20 years and one day on Friday for the third. The terms will run concurrently.
The judge in the third case said he had to serve the extra 24 years because the crime had been committed when he was working for the US Secret Service as an informant, reportedly receiving as much as $75,000 a year.
As part of a plea agreement, Gonzalez also agreed to hand over $1m that he had buried in his parents' garden, a condo in his hometown of Miami, a car, a diamond ring and several expensive watches.
Gonzalez was accused last August, along with two Russian co-conspirators, of hacking into the payment systems of retailers.
They targeted more than 250 US companies including payment processor Heartland Payment Systems, food and drink store 7-Eleven and American supermarket Hannaford Brothers Co.
Gonzalez was found to have used SQL injection attacks to exploit weaknesses in payment software programmes and access data, stealing millions of customer card details.
He blamed "curiosity and addiction" for his crimes.
Assistant Attorney General Lanny Breuer of the Department of Justice said that on a daily basis "cyber criminals try to steal the debit and credit card numbers of unsuspecting American consumers."
"These sentences - some of the longest ever imposed for hacking crimes - send a powerful message to hackers around the globe that US law enforcement will not allow them to breach American computer networks and payment systems, or illegally obtain identities."
Amichai Shulman, chief technology officer of cyber security firm Imperva, warned that hackers "continue to put up a persistent and very real threat to enterprise systems".
"The current data security spend is focused on enterprise networks, yet the Gonzalez attacks took distinct advantage of weaknesses in the database and applications. This is an industry-wide problem."