But when it comes to one of our most precious assets - our unique identities - good luck to anyone trying to safeguard a name, address, birth date, or Social Security number.

Once a fairly infrequent occurrence, assaults on identities are coming now in waves, and from all corners:

Thugs are raiding mailboxes for personal information, and turning Starbucks gift cards into fake IDs. Unscrupulous employees are stealing private data about their colleagues, then going on shopping sprees. White-collar criminals are running sophisticated identity theft rings, sometimes global in scope.

And businesses, universities and government agencies increasingly are reporting major data breaches after neglecting to adequately secure personal data files entrusted to their care.

In the latest breach, announced last week, CitiFinancial, a unit of Citigroup Inc., reported it had lost in shipment a box of computer tapes with private account information for 3.9 million customers.

According to the Privacy Rights Clearinghouse in San Diego, the CitiFinancial loss was the 40th major data breach reported in the past four months. It pushed the number of individuals whose personal information has been compromised during that time to more than 9.5 million.

Consumer advocates are furious about all the data on the loose. Although most of the breaches have not resulted in individuals being victimized, the potential for criminal activity is vast.

"This has reached an epidemic level," said Beth Givens, director of the Privacy Rights Clearinghouse, a nonprofit consumer advocacy group. "What we're seeing here is a very leaky boat. Companies with sensitive personal data are not doing even the basics to protect the information."

The high-level corporate breaches are just one slice of trouble on the ever-expanding spectrum of identity theft.

Police detectives, district attorneys and others who protect the public are reporting a disturbing upswing in existing criminals turning to identity theft.

The buzz among the bad guys: Most identity theft cases never get resolved. And for those who do get caught, the crime doesn't count as a strike under California's tough "three-strikes" sentencing law, and sentences tend to be light.

In many cases, criminals in prison are teaching one another how to use the Internet, manipulate personal data and create counterfeit checks and driver's licenses, law enforcement experts said. Prison rehabilitation programs that emphasize computers are further reinforcing their skills, said Detective Jim Hudson of the Placer County Sheriff's Department. Increasingly, drug dealers and users are being drawn to the crime to finance their habits, he added.

"There's very low risk with identity theft compared with robbing a bank," Hudson said. "You don't have to use a gun and you don't risk a long prison term."

In a complicating trend, criminals are banding together, sharing stolen personal information and counterfeit techniques across state lines, and creating vast webs of victims.

Over the past two months, for example, Hudson and other local investigators have worked to break up a complex identity theft and forgery ring that involved dozens of victims and numerous banks and merchants.

In late April, Placer County detectives arrested three alleged participants in the ring and charged them with an assortment of crimes including forgery, mail theft, and identity theft. One pleaded guilty and was placed on probation in a drug rehabilitation program, while the other two are in Placer County jail awaiting criminal proceedings.

Six weeks later, on June 4, after more stakeouts and investigation, detectives arrested three more alleged participants. They are in jail awaiting proceedings on identity theft-related charges, Hudson said.

According to Hudson, the highly organized crime ring had different jobs for different members. Several broke into cars and mailboxes to steal personal identifying information. Two others printed up counterfeit checks and driver's licenses using laptop computers, laminating machines and Starbucks gift cards, he said.

Still others worked as "shoppers," using the phony IDs and counterfeit checks to purchase everything from food to small electronics to underwear.

Some people in the ring were paid in cash, some in drugs, some in purchased goods. "It's a huge barter network," Hudson said.

The reach of the case has been extensive. Hudson has identified 54 victims so far, with more expected to emerge.

Renee Webster, a special education P.E. teacher from Fair Oaks, was among the victims.

One day in April, she said, she used an ATM and saw that her checking account balance was $2,000 lower than it should have been.

"I panicked," she recalled.

She soon learned that several fraudulent checks bearing her account number had been used to purchase cosmetics, groceries and other items from Target, Foot Locker, WinCo and other stores. She now believes thieves got her account number by intercepting a bill payment to Comcast, which the cable firm never received.

Webster's bank reimbursed her, and she reported the fraud to Sacramento County sheriff's officials, who warned her that most identity thieves don't get caught.

A few weeks later, though, she got a call from Hudson, saying that her driver's license number had been among the numerous pieces of stolen personal information that he found while arresting the first three suspects in the ring.

Although she was relieved by the arrests, Webster has since become more cautious in guarding her finances and personal information. For example, she now deposits mail inside the post office.

Another victim of the same ring, Elliott Roberts of rural Granite Bay, spent weeks trying to correct his credit record after fraudulent checks were written on his bank account. He believes his personal information was stolen from his mailbox.

"It's just a real hollow feeling," Roberts said, "when you have no control over something like this."

Roberts and Webster both said they feel fortunate they weren't further victimized.

Some people have suffered huge financial losses and irreparable harm to their credit standing because of identity theft.

According to the Federal Trade Commission, a 2003 study placed the annual tally of identity theft victims at 10 million. The annual cost to business was pegged at $48 billion, with victims' out-of-pocket costs estimated to be $5 billion.

"It's a hard-hitting crime. It's huge," said Betsy Broder, who oversees the FTC's identity theft program.

Caroline Park, a Sacramento County deputy district attorney, said criminal styles and approaches vary widely. In one recent case, a man bought seven cars from seven different dealers, using other people's Social Security numbers to gain credit. In another, a thief passed a fraudulent check for more than $100,000 through a corporate account.

Park and other investigators said it is common for family members to commit identity theft on other family members, including parents who use their children's Social Security numbers for fraudulent purposes.

"The bad guys will even target other bad guys. They'll target their own mothers," said Lynn Roloff, a detective with the Identity Theft Task Force of the Sacramento County Sheriff's Department.

Even the most careful consumers still can get hit, thanks to the huge volume of electronic personal information that has been bought, sold, shared and posted on the Internet. Identity theft has become a new reality in a high-tech era.

"The Internet is making more and more data available to the nasty folks," said Matt Bishop, a professor of computer science at the University of California, Davis.

The recent rash of prominent data breaches has led consumer groups and politicians to urge greater controls on companies and government agencies with access to personal information. Law enforcement groups also are pushing for tougher penalties for those engaged in identity theft and fraud.

In recent months, numerous laws have been introduced in various states and Congress to give consumers more say over whether their private information is sold or shared, and to require more thorough notification when data breaches occur. California already has a breach notification law on the books, and it is serving as a model for other states.

A galvanizing moment for consumer advocates came in February, when news broke that con artists had acquired sensitive personal information from a data collection firm called ChoicePoint Inc.

As many as 145,000 people - most of whom had never heard of ChoicePoint - had their personal information compromised. The breach might have been kept out of the public eye had California's notification law not been in place.

Since then, numerous other data breaches have been reported by firms, colleges and government agencies across the nation. The causes have included stolen laptops, hackers, dishonest employees, and records that were lost.

"This has shed the light that businesses need to treat our information more carefully," said Steve Blackledge, legislative director of CalPIRG, a statewide consumer advocacy group.

Linda Foley, co-executive director of the Identity Theft Resource Center in San Diego, said it is outrageous that many companies are not using proper security measures, such as encryption (scrambling data), protective passwords, and internal controls to limit the spread of personal information.

She and other consumer advocates also are concerned about the many pre-approved credit offers and convenience checks sent unsolicited to consumers by credit and financial companies. Such checks and offers can be a gold mine for identity thieves, and should be sent only to consumers who request them , advocates say.

John Hall, spokesman for the American Bankers Association in Washington, D.C., said many consumers appreciate receiving new credit offers.

"There's always going to be a balancing act between convenience and security," Hall said. He added that banks already are heavily regulated by several federal agencies, and by law may share personal consumer information only internally with affiliates.

Joanne McNabb, chief of California's Office of Privacy Protection, said it will take the efforts of many parties to get a grip on the spread of identity theft. Among the many who need to be more vigilant are merchants, who should be training employees to watch for fraudulent checks and IDs, she said.

* Monitor your credit reports.

* Don't give out your Social Security number.

* Take your mail to the post office; never leave it out where thieves can get it.

* Buy a shredder and use it when discarding anything with your name, address or other personal information.