A Tucson, Ariz. man was sentenced to seven years in federal prison this week for buying stolen identities and credit card numbers.

Jacob Vincent Green-Bressler, 21, was sentenced in U.S. District Court to 84 months " 60 months for a felony conspiracy offense and a 24-month consecutive sentence for aggravated identity theft. He pleaded guilty on March 9 to conspiracy to commit offenses against the United States and aggravated identity theft, as well as a misdemeanor possession of stolen authentication features charge.

In addition to his prison sentence, the court ordered Green-Bressler to make restitution to the victim banks, forfeit property bought with his ill-gotten gains, and serve a three-year term of supervised release.

"While good headway has been made in clamping down on the hackers that sell stolen identities online, more action needs to be taken to stop the criminals that buy and use this information," said Graham Cluley, senior technology consultant at Sophos, in a written statement. "Tackling the identity theft problem is not just about stopping the suppliers. There are always more cybercriminals lurking out there ready to step into their shoes. It's just as important that anyone buying this information doesn't think they can get away scott free."

Green-Bressler's arrest came as part of a larger sting which netted 16 other people from the Tucson area involved with an identity theft operation. The Department of Justice reported that he and his co-conspirators possessed more than 4,500 illegally obtained credit and debit card account numbers and their relating personal identification numbers (PIN).

The U.S. Attorney's Office reported in a written release that Green-Bressler solicited stolen credit card information on Internet Relay Chat rooms and forums run by the suppliers. The suppliers advertised the stolen information they obtained using phishing, pharming and spam scams. Green-Bressler bought information on U.S. banking customers from suppliers located in Vietnam, Pakistan, Jordan, Egypt, Philippines, Macedonia, Romania, Estonia, Kosovo, Canada, Russia, United Kingdom, Panama, Morocco, Lebanon, Mexico, Australia, Lithuania, and France.

The information he received, according to the DOJ, included credit and debit card account numbers, associated PINs, algorithms, and proprietary information relating to the customer's account, including expiration dates, passwords, and Social Security numbers.

The defendant and his co-conspirators used the information to create fraudulent credit and debit cards. They then used the cards to withdraw money from ATMs. The DOJ noted that on March 9, 2005, Green-Bressler and two co-defendants used one of the counterfeit credit cards to withdraw about $148,000.

They would then wire half of the money they withdrew to the overseas suppliers. It's believed that they transferred more than $300,000.

Last month, the DOJ submitted proposed legislation to Congress, looking to beef up laws that would take on the burgeoning problem of identity theft.

The bill -- the Identity Theft Enforcement and Restitution Act of 2007 -- seeks, in part, to make sure identity theft victims are paid back for the time they spend trying to repair the damage inflicted upon them and their financial standing. The bill also would add to the current identity theft and aggravated identity theft statutes, which focus on stealing the identity of individuals. The bill supplements that by making sure people who steal information from companies and organizations can be prosecuted, as well.