Computer hacker Albert Gonzalez faces a minimum 17-year prison sentence after pleading guilty to a string of cyber-attacks on several firms - including Heartland Payment Systems - that resulted in the theft of tens of millions of payment card details.
Gonzalez, 28, from Miami, pleaded guilty to two counts of conspiracy to gain unauthorised access to the payment card networks operated by, among others, Heartland, 7-Eleven and Hannaford Brothers.
The plea agreement will see him serve between 17 and 25 years in prison, with sentencing set for March.
A Department of Justice statement says Gonzalez leased or controlled several servers, or "hacking platforms", providing other criminals with access to them from which malware attacks were launched on corporate targets.
The latest plea comes after Gonzalez admitted 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft in September relating to hacks into numerous major US retailers including TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority.
US Attorney Ortiz, district of Massachusetts, says: "The conviction of Mr Gonzalez, and the unravelling of one of the most complex and large scale identity theft cases in history, should serve as a reminder to hacker organisations, that the Department of Justice will vigorously investigate and prosecute cybercrimes, regardless of their sophistication and global reach."
Last month one of Gonzalez's conspirators, former Morgan Stanley software engineer Stephen Watt, was sentenced to two years in prison for developing the software used to capture payment card data.