We are constantly warned to protect our passwords, Social Security numbers and other “personal identifying information” to thwart thieves who may steal laptops or perpetrate online fraud. Although such breaches have soared since 2005 ( right ) as criminals try to commit identity theft, the truly enormous breaches ( bottom ) have increasingly been carried out by “hacktivists”--individuals or groups who are angry about an organization’s actions. Hackers, for example, exposed data about 77 million Sony customers after the company pursued legal action against other hackers. “More than 107 million people were affected by hacking during the first half of 2011,” says Jake Kouns, CEO of the Open Security Foundation in Glen Allen, Va., which runs the Data­LossDB project (the data source for graphics on this page).  

Will you be informed if your data are exposed? Maybe not. Congress is considering bills that would require companies to notify customers of breaches only if there was a “reasonable risk” that personal information was taken. Right now many states require companies to disclose all breaches.