Michael McCartney, who runs DIGITS LLC a computer forensics and data recovery company, said banks, Department of Defense contractors, and mom-and-pop businesses are hacked for personal information all the time.

"Everyone's a target," he said. "We found that those who collect personal information harvest as much data as they can. They turn around and sell that data as lists to thieves."

A person may not know immediately if he or she has been victimized. Maybe the list sits on a crook's desk for a few weeks or even months before he uses the data in a scam. Maybe your name is on Page 6 of that list, and he used information on only the first three pages.

"I may become a victim- not right away, maybe not for several years," McCartney said.

www.privacyrights.org is a website used to provide privacy-related information, including security breaches. It is used by those in the identity theft industry for statistics and other data.

At the site, it says the mission of the non-for-profit that runs it- Privacy rights Clearinghouse- is to raise consumer awareness of how technology affects personal privacy. A detailed list of security breaches, by industry, can be found there.

According to the site, 538 security breaches in the health-care industry have been made public, an average of 6.8 per month dating to Feb. 18, 2005.