He had access to 200 million accounts, and Hieu Minh Ngo admitted in federal court, that he sold bundles of information from some of those accounts.
The 24-year old worked for a subsidiary of Experian. Experian is one of the three big credit reporting agencies.
Ngo's case is taking place in New Hampshire, but it could have ripple effects in every state.
Anyone who has a mortgage, car payment, or credit card could be at risk.
"It's practically every loan," says Ed Pei of the Hawaii Bankers Association.
Court documents recently unsealed show Ngo offered up for sale social security numbers, state driver's license numbers, mothers' maiden names, bank account numbers, email information and account passwords.
He transferred the information repeatedly in bundles of 150,000 at a time between 2007 and last year.
But we may never know the scope of the breach because Experian is not required to report that or notify the victims.
"This is really outrageous," says Hawaii Senator Brian Schatz, who is on the commerce committee and says he supports a bill that would require companies to divulge details of a security breach.
"What we have to do is change the federal law so that consumers have basic rights," says Schatz, "It's just not fair."
The only way to figure out if you've been victimized, monitor your credit history.
"We're dealing with identity theft," says Pei, who says the crooks could be trying to open credit card accounts in your name or buy big ticket items like cars.