When Joe Protain got a traffic ticket near Cincinnati in 2006, his penalty was far greater than the $150 fine he paid for speeding. Protain, a 36-year-old surgeon now living in Warren, Ohio, discovered last year that traffic-court records publicly posted on the Franklin County Municipal Court Web site, including his address and Social Security number, enabled a ring of identity thieves to rack up more than $11,000 worth of charges in his name. He is still trying to recover from the fallout of the ID theft.

"It’s ridiculous that this kind of information was made available online, given all of the harm it can do," Protain says.

Americans trust government officials, from federal agencies such as the Internal Revenue Service to local courts, to safeguard the sensitive financial and personal data they are required to place in officials’ hands. But a Consumer Reports investigation shows that government is among the biggest sources of ID leaks and that penalties for ID teft are rarely imposed on those who are negligent.

We analyzed records of publicly reported data breaches compiled by the nonprofit Privacy Rights Clearinghouse and found that more than 230 security lapses by federal, state, and local government from 2005 through mid-June 2008 resulted in the loss or exposure of at least 44 million consumer records containing Social Security or driver’s-license numbers and other personal information.

That represents almost one out of five ID breaches of all types reported during that period. But even those statistics probably do not fully portray the problem. A 2006 investigation by the House Oversight and Government Reform Committee found that 788 breaches had occurred in the three and a half years between January 2003 and July 2006 at 17 federal departments and agencies. Few of those incidents were publicly disclosed.