Albert Gonzalez faced the music in a U.S. District Court in Boston on Friday, pleading guilty to masterminding one of the biggest cases of identity theft in history. The deal he struck with prosecutors could have him turning big rocks into little ones for up to a quarter of a century.

The Miami resident compromised the computer systems of large, high-profile retailers, including TJX (NYSE: TJX), BJ's Wholesale Club (NYSE: BJ), OfficeMax (NYSE: OMX), Barnes & Noble (NYSE: BKS) and Sports Authority. Tens of millions of credit card numbers were swiped in this scheme, leading to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft -- if there are other charges ... well, you get the point.

A few days after I opened an investment account for an elderly couple, I started receiving urgent messages from the husband. I called him back as soon as I could, and he excitedly told me that he was about to receive a substantial sum of money. This seemed very strange because I had reviewed his financial situation only two days earlier, and I knew that he wasn't expecting any kind of inheritance or windfall. When I asked some further questions, the old man told me that he had just received a letter saying that he had won a South African lottery worth $2 million. All he needed to do was give the sender of the letter his ID number, address, birth date and bank information within 72 hours, and the money would be his.

This immediately aroused my suspicions, and I asked him if he had ever purchased a lottery ticket for the South African lottery. When he replied that he had not, I asked him if he thought it strange that he had won a lottery that he never even entered. My client persisted, and he asked if he could show me the letter. After reading the letter, it became even more obvious that this was some kind of scam. After doing some online searching, I even found the exact same letter that he received, with a warning that this was a famous identity theft scam. Thankfully, I convinced the man not to send in any information, averting what could have been a disaster.

With the heavy and growing use of credit cards and debit cards on the web, 2007 was a banner year for conducting transactions electronically. But there is a negative side to this growth -- the number of data breaches that left personally-identifiable information vulnerable to theft set a record this year.

The theft of credit card numbers, Social Security numbers and other sensitive personal information that lives in cyberspace soared in 2007, with companies, government agencies, schools and other institutions scrambling to make all that digital information highly secure in the ongoing cat-and-mouse game with hackers and digital information thieves. Yes, even organized crime has heeded the call to steal information with through the internet these days. Surprised? Shouldn't be.

All these entities entrusted with the care of billions of dollars worth of customer information just aren't giving the attention to the problem like they should. Four words: be proactive, not reactive.

Either information thieves are far smarter than "security professionals" who try to keep this information safe from prying eyes, or there is massive incompetence when it comes to information security. With the estimate for stolen customer records sitting at 79 million this year (and even 162 million from another estimate), do you feel safe about your bank account, credit card and investment account information?

While identify theft is a huge global problem, it is also a big market opportunity. Take a look at TrustedID, which develops protection solutions.

This week the company announced a $10 million round of venture capital. Its investors include Opus Capital and Draper Fisher Jurvetson.

"Our funding process went quickly and smoothly," TrustedID CEO and co-founder Scott Mitic said in a BloggingStocks interview. "The investment community likes companies with proven market demand, strong revenue growth, reasonable customer acquisition costs and a great ability to retain customers for years."

TrustedID has a unique product called IDFreeze, which actually stops ID theft before it happens. There is even a $1 million guarantee.

"ID theft is definitely getting more pervasive and more complex," said Mitic. "As with many maturing crimes, we're seeing the problem morph and change. The majority of crimes are still focused on credit-based identity theft, but those crimes are getting more aggressive and starting to target new victims – children, for example. We're also seeing growth in non-credit based identity theft – for example employment-oriented identity theft which involves the theft of SSNs for use in employment by non-documented workers."

Yes, it's scary stuff. But, at the same time, it's propelling the business at TrustedID. "We're seeing great month-to-month customer growth and revenue growth," said Mitic.

Also visit DealProfiles.com to check out other recent venture fundings.

Tom Taulli is the author of various books, including The Complete M&A Handbook and The Edgar Online Guide to Decoding Financial Statements.

You will soon be able to stop everyone from using your good credit name, even if you have not yet had the misfortune of dealing with the mess created by a stolen identity. That's because by November 1 all three credit bureaus will allow you to "freeze" your credit report, which means no one can access your report until you give them permission.

It's not only a good idea to prevent identity theft, it's also a way to make you think before opening up a new credit account. If you're having trouble getting control of your impulses and want to get them under control, think seriously about freezing your credit accounts.

Before the change, only people who could prove they were an actual victim of identity theft were able to freeze their credit account. Seniors in certain states, where it was mandated by state law, could also freeze their accounts.

In June, I wrote a nice rant about credit card offers I was receiving with the words "Remove contents before you discard." I thought, and others agreed, that the offer implied that I needed to open the envelope to avoid the risk of identity theft.

Now Citibank is attracting controversy by mailing 3.5 million credit cards to department store customers who didn't ask for them. The cards are being sent to customers who who have had inactive accounts for more than two years.

According to CNN, "A federal law dictates that banks can issue credit cards only when customers request them or they replace existing cards. Citi considers the cards replacements to the Macy's cards already accepted by the customers."

Calling new cards sent to customers have been inactive for two years seems pretty aggressive, and consumer advocates have expressed concern that the personal information of customers could be breached.

Citi is playing pretty fast and loose with the law here. Customers shouldn't receive credit cards in the mail that they didn't ask for and don't want -- and that is exactly what is happening here.

Last week, the Transportation Security Administration became aware that an employee lost an external hard drive containing employment records of 100,000 TSA employees from January 2002 through August 2005.

Oops.

The data, which included names, social security numbers, dates of birth, payroll information and bank account routing information, among other things, was discovered missing from the TSA Headquarters Office of Human Capital. The names included various personnel and even U.S. Sky Marshals.

I'm not going to discuss how this puts our Sky Marshals, the travel industry and the American public at great risk, but you all know the potential Pandora's Box that was just opened.

While the TSA notified the FBI and Secret Service to help find the lost hard drive, they failed to notify their workers with as much haste.

If you didn't know by now, the TSA, a division of the Homeland Security Department, is responsible for the security of the nation's transportation system, including airports and train stations. The TSA has not yet mastered protecting computer hardware and their employee's private information.

Despite the fact that the TSA claims it follows strict data protection laws and has "zero tolerance for employees not following policies on data protection," they still earned a D in computer security from the House Committee on Oversight and Government Reform. To make things even worse, 2006 was the first year the Department of Homeland Security scored a passing grade.

This past Monday, the Washington Post scolded the TSA and the government saying, "This is getting ridiculous," and "... Uncle Sam's track record is horrendous."

But the TSA is not the only government organization losing things.

• The IRS lost 490 laptops during 2003-2006, many with unencrypted data
  

• The U.S. Department of Transportation lost a laptop with the personal information of 133,000 Florida residents in July of 2006.

• Personal data from 26.5 million U.S. military veterans was stolen from a Department of Veteran Affairs data analyst who took information home last May (The data was later recovered).

• The U.S. Census Bureau and the Department of Agriculture exposed 63,000 farmers to Identity theft last month.

For additional security breaches from the government see here.

It's true that most Americans worry about identity theft. If you happen to be one of the victims that I mentioned above, or fear that your own identity is at risk, Crediteria.com has a great worksheet for you.

This weekend's Wall Street Journal (subscription required) said some interesting things about retailers and FedEx Corp (NYSE: FDX).

Over 100 federal lawsuits seeking class-action status against merchants including Wendy's International (NYSE: WEN), TJX Cos (NYSE: TJX), Rite Aid Corp (NYSE: RAD) and Fed Ex Corp (FDX) have been filed for printing too much payment-card information on customer receipts this year alone.

TJX Co, the parent company of T.J. Maxx and Marshalls, reported in January that its computers were hacked and at least 47.5 million customers susceptible to fraud. For the following eight weeks, shares of TJX lost -15%; they have since recovered modestly.

As of December 4th, retailers will be prohibited from printing more than the last five digits of credit-card or debit-card numbers on receipts that are given to customers.

Breaking the law could result in fines as much as $1,000 per transaction.

A spokesman for Fed Ex Kinko's, the Fed Ex unit involved in the lawsuit, denied the charges by saying expiration dates were never identified as an item that could "compromise cardholder security."

Now, to some people this might make sense, but to me I have to scream foul against the claims made against FedEx. Does having one's credit-card expiration date on a receipt make you vulnerable to fraud and identity theft?

I'll stick my neck out on this one folks and say no.

My Discover card expires in May of 2010. Try to get something from that.

TJX Cos. (NYSE:TJX) has admitted that hackers stole 45.7 million credit and debit cards from its computer network over an 18-month period in what one analyst described as the biggest theft of its kind ever, according to the Associated Press.

The owner of TJ Maxx and Marshall's, which first disclosed the thefts more than two months ago, outlined the extent of the problem in a filing with the Securities & Exchange Commission, the AP said, adding that 45,000 customers who returned merchandise also had their personal data stolen.

This is a public relations disaster.

The company should have disclosed to customers as much information as it could in January without jeopardizing any investigations. People would've grumbled, but they would have understood the situation because computer thefts are a fact of modern life.

Since the company waited to disclose the extent of the problem, TJX made customers even angrier than they would have been otherwise. Winning them back won't be easy.

It's no wonder that the company is being sued by invidiudals and investigated by the Federal Trade Commission.

The lesson here for companies is that it's a bad idea to bury bad news in an SEC filing. That information is easily accessible and somebody will read it eventually.

While in pursuit of the low life scum who hijacked our dearly departed toddler's social security number, my wife and I rounded up a great deal of information which is essential for those unfortunate enough to fall victim to various forms of identity theft.

Here are some first lines of defense in cases when someone claims to be you, or someone you love, when they're not.

We found this Investopedia article which has all the pertinent information gathered in one condensed list. Bookmark this handy reference and print out a copy to save with your important financial papers. This one page could save you hours of searching and thinking if you ever need to address an identity theft situation. It also has a link attached with ideas to help defend from being victimized in the first place.

I also turned up a form which is provided by the Federal Trade Commission which makes reporting these problems a bit more organized. Reading this form is a good first step in the reporting process because it provides a valuable framework for getting started. The FTC is the federal government's dedicated agency for investigating identity theft and fraud by misuse of social security numbers but all of the affected agencies want to hear from you as soon as possible. Whether it be your local law enforcement agency, the IRS, or Social Security, there are many good people in your corner if you have identity theft problems. They wait only for you to reach out to them.

I hope you never have to deal with this issue, but the odds are that one in three of us will at some time encounter identity theft in one form or another. The key to successful resolution of these cases is to hit them hard and fast. Use the information I have provided and do some of your own research also. Gather up your contact information and keep it all in one safe place. Then, if the day comes when you need to defend yourself against this kind of criminal, at least you'll have some ammunition at your side.

Recently, I talked to Scott Mitic, the CEO and founder of TrustedID. His company develops products that help consumers protect themselves against identity theft.

The company is also a great source of useful information regarding identify theft, with a widely followed blog and resource center.

Well, this week he launched a search engine for identity theft: StolenID Search. Like Google Inc. (NASDAQ:GOOG), it is very easy to use. Enter your Social Security number or credit card number and you will actually see if your personal information has been stolen.

It's based on a variety of databases, which include two million pieces of information. And Scott says that he will periodically add to it. "Unfortunately, the fact is that more and more data is being stolen," he said.

So, what if your information has been stolen? Interestingly enough, the search engine provides next steps to help out.

Says Mitic: "In the first two days since the launch, we've seen tens of thousands of people searching for their information on StoldenID Search. Approximately 2% of those searches have yielded a hit, meaning a Social Security number or credit card number has been compromised. For these people it's bad news, but it's good news. We hope they'll have the chance to take steps to protect themselves before the data can be used fraudulently."

Tom Taulli is the author of various books, including the Complete M&A Handbook and the EDGAR-Online Guide to Decoding Financial Statements.

Some Boeing employees tonight are learning that they may be about to face one of the scariest scenarios possible in the technology age... identity theft. The company reported today that earlier this month one of its employees had their laptop stolen which contained some rather sensitive information.

What is at risk are names, social security numbers, home addresses, phone numbers and birth dates of 382,000 employees and retirees. While it is a scary thought to think what an identity theft would be able to do with all this information what is really scary is that this is not the first time Boeing employees have had to live through this scare. Nor is it the second. It is the third time over the last year that a company laptop containing employee information has been stolen. Previous thefts of company laptops occurred in November 2005 and then again in April of this year.

Boeing officials tried to offer some encouragement by stating that the computer was not turned on at the time it was stolen and that in order for any information to be retrieved from the computer someone would need the password to turn on the computer. While I personally don't have the skills to be able to crack a Boeing company laptop I think it is probably pretty foolish to assume that it would be all that hard for someone to bust if placed into the right persons hands.

Boeing has said that the previous thefts have not resulted in any wrong doing, but for the 382,000 people involved in this current theft I don't think that is really going to help them sleep tonight. Another good lesson that the more we become dependent on laptops in our lives the more careful we need to be to safeguard our machines, and the information that we store on them.

As Tom Taulli wrote earlier today, the number of accounts being infiltrated by computer hackers in Eastern Europe and Asia continues to rise, and your accounts at an online brokerage firm may be at risk. While E*Trade, TD Ameritrade, Schwab and Fidelity have promised to reimburse customers who lose money in their accounts due to fraud, the problem continues to grow. Who knows what the thieves will do with the information once they've gotten it by infiltrating your account?

E*Trade reported on a conference call last week that it spent $18 million in the third quarter to compensate customers affected by trading fraud, according to a report from Bloomberg. TD Ameritrade also admitted to losses, but gave no numbers. We may get more details when it reports its numbers, expected later today. Charles Schwab told Bloomberg that it didn't see "anything unusual enough to warrant a financial disclosure." Well, if I were a Schwab customer and my account were infiltrated, I certainly would consider it important enough for disclosure. I hope Schwab is being more candid with its customers. Fidelity did not comment on Bloomberg's story.

Bloomberg also reported that the FBI, the SEC and the NASD are trying to unravel exactly what is happening and how its being done. There are actually two types of fraud they are seeing. One is a classic "pump and dump," where hackers are opening an account in someone else's name and using it for illegal trading to pump up a stock. The person whose name was used for the account looks like the one responsible for the crime. Was the information used to open the account initially obtained by infiltrating an account at another online broker? No one knows for sure yet how it's done. The second type of fraud is straight theft, where hackers use personal information such as social security numbers to break into accounts. Once they have control, they sell securities and then wire the proceeds outside the U.S.

Javelin Strategy and Research of Pleasanton, California, estimates that identify theft will cost Americans $56.6 billion this year, according to Bloomberg. That doesn't even begin to account for the time it takes to clean up the mess after you've been a victim of identity theft. It can take years and hundreds of hours to get your financial history back on track. Good information about how to prevent identity theft and what to do if you are a victim is available from the U.S. Department of Justice.

I can't remember when I last used a human broker.

A recent article in the Washington Post, however, points out certain risks involved in online trading. For example, in the third quarter, E*Trade suffered losses of $18 million because of hackers, mostly from Eastern Europe and Thailand. The company is not alone. TD AmeriTrade also had losses, but the amount was not disclosed.

Interestingly enough, the frauds are a new form of pump-and-dump. That is, a hacker takes over a customer's account and buys certain micro-cap stocks, allowing for a quick payday.

How do these hackers accomplish all this? It looks like they use spyware, which is often secretly installed on computers at libraries, airports and other public places.

The good news is that online brokers are making their customers whole. However, the law does not require them to do so.

I interviewed Scott Mitic, who is the CEO of TrustedID, a company that develops software to combat identity theft. According to him, "The increase in brokerage account fraud just shows that the target is always moving, as identity thieves hone in on the next easy target. It's a game of whack-a-mole; the thieves pop up tomorrow where no one is looking today. The lesson for American consumers is to be vigilant. Double-check URLS when logging into accounts. Use recently updated anti-spyware software. Don't trust any email you get from a bank. Avoid giving personal information to anyone who calls you, even if your caller ID appears to identity the caller as a company you know and trust. We're in an era where the problem isn't going to go away; as consumers we all just need to get smarter."

Tom Taulli is the author of various books, including the Complete M&A Handbook and operates InvestorOffering.com.

One of the spreadsheets kept in a drawer at Time Warner Inc. (NYSE: TWX) headquarters must tell what percent of the AOL subscriber base is projected to move from paying for their service to the new free service that will form the foundation of the company's drive to get more Internet advertising.

AOL is making it tempting to continued as a paid subscriber. According to the Associated Press, AOL will announce that it will offer free insurance for identity theft and computer damage. The policy, from AIG, included up to $10,000 for the costs of replacing user indentity for social security numbers and bank accounts. AOL's $26 a month subscribers get the full coverage. Some subscribers under less successful plans are insured for less.

In other news, Jonathan Miller, the AOL CEO, will present at the Merrill Lynch Media and Entertainment Conference and will undoubtedly give a presentation on the company's new business model.

Time Warner shares closed at $16.90 yesterday, their highest point since late June. The stock now trades above both its 20-day and 50-day moving average.