The theft happened in January 1999 but received little attention.
After the hacker stole the credit-card numbers from an e-commerce Web site, he stored them on a government site, said Jim Mackin, a spokesman for the Secret Service. He wouldn't identify either site.
Mackin said a Web administrator at the agency's site noticed a large portion of memory had been taken up for no apparent reason and discovered the stolen credit-card numbers soon after they were loaded onto the site.
"The majority were dead (expired) numbers," Mackin said.
According to Mackin, no cases of fraud stemming from the theft have been reported. But MSNBC quoted an unnamed source as saying that some of the card numbers have been used to make fraudulent charges.
Calls to major credit-card companies weren't immediately returned.
Mackin said law enforcement officials have identified the hacker and are working with diplomatic officials to bring him to justice.
Mackin wouldn't identify the country where the hacker is located.