In February, ChoicePoint, the big data broker, raised public awareness of the problem when it announced that thieves had fraudulently obtained information on 145,000 consumers.

The banks are not sure how thieves obtained the account numbers and PIN's used in the scam.

But his aim was hasty, and the thief had obtained too good a start.

"Which leaves us with the question of where the dagger came from, and what it is, and how this thief obtained it."

The thief had obtained what he had sought.

Where do thieves obtain the personal data necessary to get a credit card that has been assigned to another person?

Somehow, she says, a thief obtained one of her receipts and used it to make a $75 mail-order purchase and to book a hotel room.

That could enable thieves to obtain sensitive data like that on the magnetic strips of credit cards, which security experts advise companies not to keep.

But the real problem may be the information the thieves have already obtained.

Half of all victims knew the method by which the thieves had obtained the personal information.