According to the House Oversight Committee’s annual security report card, the government as a whole got a C for 2007, up from a D+ two years earlier. And several federal departments got a failing grade (see Agency report card).

"Would you want to trust your privacy to someone who scored an F?" asks Mark Rasch, a former Justice Department computer-crime prosecutor and now a global technology consultant with FTI Consulting in Baltimore. "The government compels people to provide sensitive information for everything from licenses to tax returns, so they rightfully expect an even higher level of protection than they’d get in the private sector, but that’s clearly not happening."

The data breach problem is not limited to lost laptops. Social Security numbers are visible on 40 million Medicare cards, as well as military identification cards and public court records throughout the country.

The number of data breaches that result in ID theft is unknown because most victims don’t know how their personal information was obtained. And it might be a year or more before the stolen ID is used, a 2007 Government Accountability Office report says. "People whose data are stolen ask me when they can stop worrying," says Richard Goldberg, chief of the financial institution fraud and identity theft section of the U.S. Attorney’s Office in Philadelphia. "I have to tell them there is no end to it because ID information can be resold many times."