Blumenthal is civil penalties, which are limited to a maximum of $1.5 million per year, as well as a court order that would require Health Net to encrypt any personal health information contained on a portable electronic device. In a written statement, Blumenthal said, "The staggering scope of the data loss, and deliberate delay in disclosure, are legally actionable and ethically unacceptable. Even more alarming than the breach, Health Net downplayed and dismissed the danger to patients and consumers."

Health Net has offered two years of free credit monitoring and $1 million of identity theft insurance to affected members, and has promised additional assistance to anyone who does become an identity theft victim as a result of the breach.

Medical identity theft is a growing concern. One way to protect yourself is to invest in an identity theft protection service like TrustedID, which monitors for medical identity theft as well as financial identity theft. To learn more about TrustedID and other identity theft protection services, see our reviews and comparison chart.

Login data for a social networking application may seem like a trivial data breach, but it becomes a more serious matter when one considers the frequency with which the same password is reused for several online accounts. If someone gets into your RockYou account, the consequences will probably be minimal, but that same stolen data could be used to access your personal email or online banking accounts.

We've said it before and we'll surely be compelled to say it many, many more times, but: don't use the same password for multiple online accounts! It's a terrible habit that compromises your security and identity. And think carefully about whether applications on Facebook and other social networking sites are really worth the risk of viruses and identity theft.

Be sure to install Internet security software, and set it to update automatically. And consider investing in identity theft protection.

According to the FBI's top Internet crimes investigator, the public only knows about a handful of the thousands of data breaches investigated by the FBI. Because companies that suffer from data breaches fear bad publicity, they often fail to report the crime to the FBI, or wait so long that it becomes nearly impossible to track down evidence. When data theft goes unreported, the hackers are free to continue targeting more companies. And since large companies have finally begun to strengthen their data security, hackers have responded by targeting smaller companies that have fewer resources to prevent cybercrime. Since these breaches are smaller, they are less likely to be reported by the press.

If your data is compromised in a large and public data breach, you may be offered a year or two of free credit monitoring or identity theft protection. But if your Social Security data or bank account information is stolen from a small company, you may never even know. In fact, the small company itself may not become aware of the breach for months or years. To proactively safeguard your own identity, consider investing in credit report monitoring or identity theft protection before your data falls into the wrong hands.

The mistake occurred because Social Security numbers are often used as Medicare account numbers. The Universal American Action Network responded by firing the vendor responsible for the mailing, and offering one year of free credit monitoring to the Medicare members whose Social Security numbers have been compromised.

As important as it is to safeguard your sensitive personal data, particularly your Social Security number, there's just no way of guaranteeing that large organizations treat this data responsibly. Once your data has been compromised by a single careless mistake, your identity is at risk. Credit report monitoring is one way to mitigate this risk. For more comprehensive prevention and detection, you might consider investing in an identity theft protection service.

Pay stubs, balance sheets, and client account information were all dumped into the street. The client account information came from the window of Liberty Street financial firm A.L. Sarroff, and included Social Security numbers.

Documents containing sensitive personal information or confidential company data should be shredded before they are disgarded. Conscientious handling of your own personal information is one way to avoid identity theft. But since you never know when an overenthusiastic Yankees fan might fling your Social Security number out of an office window, consider investing in an identity theft protection service.

PayChoice is a leader in the payroll services and software industry, with over 125,000 business customers. It shouldn't come as a surprise that hackers have targeted a company that facilitates so many financial transactions. But what is surprising is the hackers' persistance and creativity.

To defend yourself from cybercriminals, be sure to install Internet security software, and set it to update automatically. Since the end goal of the most nefarious attacks is usually the theft of personal information that can be used to open fraudulent accounts, you might also consider investing in identity theft protection, which is designed to prevent fraudulent accounts from being opened in your name.

PayChoice is still investigating the extent of this unusually complex attack. A data breach, phishing emails, malicious websites, and numerous malicious applications including a Trojan horse. All with the likely end goal of identity theft.

How can you defend yourself against such sophisticated hackers? The best course of action is to be wary when clicking on links or downloading files, to keep your browser and Internet security software updated, and to invest in identity theft protection.

Identity theft expert Robert Siciliano blogged about the dangers of medical identity theft earlier this week. He described a new rule requiring health care providers to notify patients of any breaches of their medical information. But the fact is, many health care providers don't even realize when a breach has occurred, and in this case, continues to occur on a daily basis.

TrustedID, one of the identity theft protection services reviewed on NextAdvisor.com, monitors your medical records in order to detect medical identity theft. To learn more about TrustedID and other identity theft protection services, see our reviews and comparison chart.

Imagine being told that hackers have had access to your Social Security number for the past two years. Two years is more than enough time for an identity thief to open new credit accounts in your name, max them out with charges, and move on to the next victim. Meanwhile, unless you check your credit report regularly or subscribe to an identity theft protection service, you might be blissfully unaware of the debt that "you" have accumulated. At least, until you are denied a loan for a new house or car, or collection agents begin banging on your door. It's important that data breach victims be notified in a timely manner, but sometimes, as in this case, the breach isn't discovered until years later. The only way to immediately informed about any new, potentially fraudulent lines of credit in your name is to invest in credit monitoring or identity theft protection. A credit report monitoring service will alert you to any chances in your credit file, which will allow you to take action in response to any suspicious activity. An identity theft protection service will go beyond this basic level of protection to help prevent, detect and, if necessary, resolve cases of identity theft.

To learn more, see our reviews and comparison charts for credit report monitoring and identity theft protection services.

To learn more about credit monitoring services, see our reviews and comparison chart. You may also be interested in identity theft protection services, which take other measures to prevent and detect identity theft, in addition to credit monitoring.

Medical data security is still in its early stages, which makes medical identity theft even more difficult to prevent than other forms of identity theft. TrustedID is one identity theft protection service that does offer medical record protection. To learn more about TrustedID or other identity theft protection services, see our reviews and comparison chart.

Bennie Thompson, the chairman of the House Committee on Homeland Security, has given the Transportation Security Administration until July 8 to explain how the agency plans to ensure the security of all this data. The TSA is in the process of putting together a response to this question, and in the meantime, claims that Clear is appropriately safeguarding the collected data. Verified Identity Pass assures customers that their information is being stored in conformance with the TSA's security and privacy requirements. But the data has yet to be deleted, leaving open the possibility that it could be sold or passed on to a third party, if the intention is to use it for another registered travel program.

As long as our personal information is out there, beyond our control, it is wise to invest in identity theft protection.

Lost or stolen laptops are a major cause of data breaches. Even if the missing computer does not contain a database of sensitive personal data, in the wrong hands, it can be scoured for useful information that puts the owner at risk. For tips on how to mitigate this risk, see our "How to deal with a lost or stolen laptop" guide. And see our reviews and comparison chart for more information about credit monitoring or identity theft protection services.

As smartphones become even more popular and increasingly powerful and complex, they will draw more attention from hackers and identity thieves. Until more robust security software is made available for smartphones, users should be vigilant when it comes to security patches like this one, and consider investing in an identity theft protection service.

This breach draws attention to two areas of vulnerability in guarding one's own identity. When universities and other organizations rely on Social Security numbers for identification, those Social Security numbers are often recorded in databases that are not adequately secure. This places countless individuals at a greater risk for identity theft. Stolen computers are also a common source of data breaches and identity theft. Our NextAdvisor.com guide, How to deal with a lost or stolen laptop, details some of the ways you can prevent or mitigate the costs and risks associated with missing computers.

To learn about identity theft protection services, see our reviews and comparison chart.

This week, Consumerist posted an interesting interview with Evan Schuman, the editor and publisher of the blog StorefrontBacktalk.com, which sheds some light on the strengths and weaknesses of this new technique. The interview also makes it clear that while Heartland's strategy may be somewhat effective, only a significant investment in encryption technology by the credit card providers themselves will truly make our credit card transactions safe from identity thieves. And unfortunately, the credit card providers don't seem particularly eager to spend the money that would require.

In the meantime, the best way to stop hackers who attempt to steal your credit card data and open new credit accounts in your name is to make your own investment in identity theft protection or credit monitoring.

Criminal hackers continue to step up to the plate. Security professionals are fighting, and sometimes losing, the battle. Here's one week's worth of hacks:

Lexis Nexis, which owns ChoicePoint, an information broker I recently blogged about that was hacked in 2005, was just hacked again this week. On Friday, LexisNexis Group notified more than 32,000 people that their information may have been stolen and used in a credit card scam that involved stealing names, birth dates and Social Security numbers to set up fake credit card accounts. The cybercriminals broke into USPS mailboxes of businesses that contained LexisNexis database information, according to a breach notification letter sent by LexisNexis to its customers. The U.S. Postal Inspection Service is investigating the matter. (Check your credit reports and examine your credit card statements carefully!)

CNET reports that hackers broke into FAA air traffic control systems, too. The hackers compromised an FAA public-facing computer and used it to gain access to personally identifiable information, such as Social Security numbers, for 48,000 current and former FAA employees. In a House Oversight and Government Reform Subcommittee testimony, it was stated, "FAA computer systems were hacked and, as the FAA increases its dependence on modern IP-based networks, the risk of the intentional disruption of commercial air traffic has increased."

Computerworld reports that a hacker has threatened to expose health data and is demanding $10 million. Good for him, bad for the Virginia Department of Health Professions. The alleged ransom note posted on the Virginia DHP Prescription Monitoring Program site claimed that the hacker had backed up and encrypted more than 8 million patient records and 35 million prescriptions and then deleted the original data. "Unfortunately for Virginia, their backups seem to have gone missing, too. Uh oh," posted the hacker. Holding data hostage is nothing new, but it is becoming increasingly common.

The Register reports that botherders have taken control of 12 million new IP addresses in the first quarter of 2009, a 50% increase since the last quarter of 2008, according to an Internet security report from McAfee. The infamous Conficker superworm has occupied all the headlines, and makes a big contribution to the overall figure of compromised Windows PCs, but other strains of malware collectively make a big contribution to this number. McAfee's Threat Report notes that the US is home to 18% of botnet-infected computers.

While you can't do much about others being irresponsible with your data, you can protect your identity, to a degree. Consider investing in identity theft protection and always keep your Internet security software updated.

Robert Siciliano, identity theft speaker, discusses Ransomware.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of 2 books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

LexisNexis is offering all 30,000 individuals whose identities may have been compromised a free year of credit monitoring by ConsumerInfo.com.

See our reviews and comparison charts to learn more about credit report monitoring and identity theft protection.

The Symantec-sponsored report of these survey findings revealed that 59% of employees who left a company for any reason had stolen business data prior to their departure, even though 79% admitted that they violated company rules by doing so. Even more disturbing, 67% of these survey respondents actually used the data they stole, exploiting the former company's confidential information in order to secure a new job. 68% of respondents had future plans to use their former company's stolen data.

According to the survey results, most stolen data involved email communications. The survey revealed that 65% of respondents had taken email lists and 64% had pilfered old emails, while another 38% admitted to sending company data as email attachments to their personal accounts.

Other common types of stolen business information included computer history and hard copy files (62% of respondents), CDs and DVDs (53%) and small USB drives (42%). The rarest type of stolen company data was source code, which was taken by just 3% of respondents.

Unsurprisingly, the survey results also found that disgruntled employees were almost three times as likely to steal company information (61% ) than employees who liked and respected the companies they left (26%).

The report of these survey findings concluded with tips for preventing employee turnover-based data theft, advising companies to take steps that included:

• Conducting an assessment of potential data loss immediately after an employee leaves the company
• Creating or maintaining corporate policies, clearly stating that former employees will be no longer be allowed to access or use any proprietary or confidential company information once they leave
• Implementing a day-to-day monitoring system to keep track of every employee's access to network and system resources in order to discover data breaches at the time they occur and prevent any further damage from occurring

Data breaches can lead to identity theft, among other cyber crimes. To learn more about protecting yourself from data loss and identity theft, see our reviews and comparison charts for identity theft protection and online backup services. You may also be interested in NextAdvisor.com's guide on how to deal with a lost or stolen laptop.

The Heartland breach was discovered only after a pattern of credit card fraud emerged, leading back to the credit card processor. This means that the stolen card numbers were actively in use by identity thieves. Security analyst Michael Argast says that the latest stolen data has most likely also reached the hands of criminals.

Impacted banks have begun issuing replacement credit and debit cards to MasterCard and Visa cardholders, and will continue to do so over the next few weeks. It is always a good idea to have a credit monitoring service keep an eye on your credit report and alert you of any suspicious activity.

An identity theft protection service will go a step further to protect you and to prevent fraudulent accounts from being opened in your name. To learn more about credit monitoring services and identity theft protection services, see our reviews and comparison charts.

The 15% discount sale will be open to any shoppers, not just those consumers that were potentially impacted by the breach. TJX will also honor any other discounts on top of the 15% (although this does not include employee discounts). TJX has previously stated that all stores will have extended hours between 8 a.m. and 10 p.m for the special sale day.

Heartland Payment Systems, a large credit card processor based in New Jersey, announced this week that hackers had breached the company's computer network and potentially gained access to customer information related to approximately 100 million transaction processed by the company. The breach included information that would allow criminals with the proper knowledge and equipment to create duplicate credit cards.

While Heartland is based on the east coast of the United States, the company processes transactions for 250,000 business located across the country and of all sizes and types.

There is no information available regarding notification of potential victims, although most states do have strict laws that require businesses to disclose data breaches to consumers. Businesses also commonly provide free access to a credit report monitoring service to victims for some period of time following a breach. There is no word yet whether Heartland will be providing free credit report monitoring to victims.

As always, our advice is to act quickly if you believe you or your family may have been a potential victim of this breach. We recommend that consumers review their credit reports in an effort to identify any suspicious accounts or activity. Many credit report monitoring services offer free access to your credit reports and scores when you sign up for a free trial (read our reviews and comparison of credit report monitoring services to learn more). It is also a good idea to keep an eye on your credit card statements and alert your credit card company of any charges that you believe may be fraudulent.

Additionally, we recommend signing up for an identity theft protection service, such as Trusted ID or LifeLock, that can help prevent new fraudulent financial accounts from being opened in your name.

Below are some highlights from the settlement documentation regarding the terms of the sale:

• The event will include a 15% discount on all merchandise (excluding gift cards) at all TJX stores, which include TJ Maxx, Marshalls, The Maxx, A.J. Wright and HomeGoods.
• The sale will be held on a Thursday, Friday or Saturday in January, February or July at TJX's discretion.
• The discount will be available to all consumers that make purchases on the designated day, not just those customers that may have been impacted by the data breach.
• Additional discounts (excluding employee discounts) will be valid on top of the 15% discount.
• The stores will have extended hours from 8:00 a.m. to 10:00 p.m.

It is important to note that the January 22nd date has not been confirmed by TJX and that the sale itself is not required as part of the settlement agreement. However, TJX has publicly communicated that the sale will occur some time in 2009.

Below is the full text of the section of the settlement agreement related to the storewide 15% discount at TJ Maxx, Marshalls, and other TJX stores.

TJX shall hold a one-time special event (the "Special Event") in which prices on all merchandise (excluding gift cards) in all TJX stores shall be reduced by 15%. This 15% price reduction shall be applied at the check-out register and shall be in addition to all other discounts (other than employee discounts), if any, and shall be available to all customers making purchases on that day. The special event shall be on one day on a Thursday, Friday or Saturday in January, February or July as designated by TJX. The Special Event shall occur following the Effective date on a date which will allow for proper commercial management of the event. TJX stores shall have extended hours (8:00 a.m. to 10:00 p.m.) on the day of the Special Event, except as may be limited by local laws. While by necessity and practicality, the public may access this sale, the sale is provided for by this settlement benefit in the Summary Notice and shall be customary course of business notice of the event, to be advertised close in time to the day on which the Special Event will occur. TJX represents that it has not had any storewide sale event in the TJX Stores system in the past, to the best of senior management's recollection, and that this sale event is the direct result of this settlement, and that the 15% price reduction during the event shall be in addition to any and all other discounts, sales, and the like (other than employee discounts) available at the time of the event. No discount available to the public shall be withdrawn because of the Special Event.

Children can be particularly susceptible to identity theft. See our Child Identity Theft Protection Guide for 8 tips on how to protect your children from becoming victims. And if you are interested in an identity theft protection service, see our reviews and comparison.