The members of a hacking ring responsible for stealing more than 40 million credit and debit card numbers from retail organisations in the US have been caught and charged.

The case before the US Department of Justice is believed to be the largest hacking and identity theft case ever prosecuted.

The group of eleven perpetrators allegedly hacked into nine major US retailers.

Now charged by a Boston court with numerous crimes, including conspiracy, computer intrusion, fraud and identity theft, the criminals allegedly obtained bank details by hacking into the retailers' computer networks and then installing 'sniffer' programmes to capture card numbers and password details as the customers moved through the retailers' credit and debit processing networks.

The ring is also said to have sold the customer information to criminals in the US and Eastern Europe, who then encoded the card numbers on the magnetic strips of bank cards. They then used the cards to withdraw tens of thousands of dollars from ATMs.

Mike Maddison, head of security for consultancy Deloitte, said he was not surprised by the scale of data the hackers gained access to.

"We have seen so many data breaches recently and they all compromised large amounts of data," he said.

Maddison said consumers need to take more responsibility for their data, adding: "They need to analyse their bank statements and call up credit check companies so they are aware of fraudsters trying to take up loan agreements."

The nine US retailers targeted include: TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes and Noble, Sports Authority, Forever 21 and DSW.