A Russian man has been sentenced to a record 27 years in prison by a United States court for hacking point of sales systems and stealing credit card data.
Roman Seleznev, known as Track2, was found guilty in 2016 of installing malware on POS systems between 2009 and 2013 and stealing millions of credit card details.
Seleznev onsold the credit card information in carder forums on the dark web, the US Department of Justice said.
The Russian is believed to have caused losses of US$169 million (A$224 million) through his fraudulent activities, the DoJ said. The 32-year-old is the son of a Russian member of parliament.
More than 500 American businesses were targeted by Seleznev, including small operations like a Seattle food outlet that went bankrupt after being hacked.
Seleznev was arrested in the Maldives in 2014 and extradited to the United States.
Over 1.7 million stolen credit card numbers were discovered on his laptop, along with evidence linking the Russian hacker to servers, email accounts, and financial transaction data used in conjunction with the carding operation.
The DoJ said Seleznev could face further legal repercussions under separate indictments in Nevada and Georgia, for possession of unauthorised access devices, racketeering, and wire and bank fraud.
The record 27-year sentence was imposed by US district judge Richard A. Jones of the Western District of Washington.
“This investigation, conviction and sentence demonstrates that the United States will bring the full force of the American justice system upon cybercriminals like Seleznev who victimise US citizens and companies from afar,” acting assistant attorney general Kenneth Blanco said in a statement.
“And we will not tolerate the existence of safe havens for these crimes – we will identify cybercriminals from the dark corners of the Internet and bring them to justice.”