BOSTON – A computer hacker who helped orchestrate one of the largest thefts of credit and debit card numbers in U.S. history faces sentencing this week for hacking into computer systems of major retailers, including TJX Cos., BJ’s Wholesale Club and Maine-based Hannaford Brothers supermarket chain.

Prosecutors plan to ask for a 25-year prison sentence for Albert Gonzalez, a former federal informant from Miami who pleaded guilty last year in three separate hacking cases brought in Massachusetts, New Jersey and New York.

The sentence sought by prosecutors is the maximum under the terms of plea agreements in cases against Gonzalez brought in Massachusetts, New Jersey and New York. He will be sentenced in all three cases during hearings Thursday and Friday in U.S. District Court.

His lawyer will argue that Gonzalez should get no more than 15 years.

Prosecutors said Gonzalez victimized millions of people and cost companies, banks and insurers nearly $200 million. They said just two of Gonzalez’s computer servers contained more than 40 million distinct credit and debit card numbers.

“The sheer extent of the human victimization caused by Gonzalez and his organization is unparalleled,” Assistant U.S. Attorney Stephen Heymann said in a sentencing memorandum filed in court.

Between Dec. 7, 2007, and March 10, 2008, Gonzalez and other hackers stole credit and debit card numbers from people who shopped at Hannaford supermarkets. The Scarborough-based chain operates more than 200 stores under various names in New England, New York and Florida.

An estimated 4.2 million card numbers were exposed, and by the time Hannaford publicly announced the breach on March 17, 2008, about 1,800 fraudulent charges had been made.

Gonzalez, 28, pleaded guilty in December to conspiracy to gain unauthorized access to computer servers at Hannaford, the convenience store chain 7-Eleven Inc. and Heartland Payment Systems Inc., a New Jersey-based processor of credit and debit cards.

He pleaded guilty in September to hacking into the computers of TJX Cos., BJ’s Wholesale Club, OfficeMax, BostonMarket, Barnes & Noble, Sports Authority and the Dave & Busters restaurant chain.

Gonzalez’s Boston attorney, Martin Weinberg, did not immediately return calls seeking comment on his sentencing recommendation of 15 years.

Weinberg said during an earlier court hearing that he would ask for a lesser sentence based in part on a defense psychiatrist’s report that Gonzalez shows behavior consistent with Asperger’s syndrome, a form of autism. The report described Gonzalez as an Internet addict with an “idiot-savant-like genius for computers and information technology,” but socially awkward.

Gonzalez, who was known online as “soupnazi,” was a self-taught computer genius.

He was first arrested for hacking in 2003, but he became a government informant, helping the Secret Service find other hackers. But prosecutors said that over the next five years, he hacked into the computer systems of major retailers while continuing to be an informant for the government.

During that time, authorities said, he amassed $2.8 million and lived a lavish lifestyle. As part of the plea deals, Gonzalez must forfeit more than $2.7 million, plus his Miami condo, car, Rolex watches and a Tiffany ring he gave to his girlfriend.

Authorities said Gonzalez and two foreign co-defendants used hacking techniques that involved “wardriving,” or cruising through different areas with a laptop computer and looking for retailers’ accessible wireless Internet signals. Once they located a vulnerable network, they installed “sniffer programs” that captured credit and debit card numbers as they moved through a retailer’s processing computers — then tried to sell the data overseas.