You can't run and you can't hide. Data breaches are the new normal, and the problem is likely to worsen as hackers get even better at breaking and entering.
"Every company—no matter how good their security team and no matter how strong their security technology—has something valuable these thieves want, and they will get it," said Theresa Payton, CEO of the digital security company Fortalice and former White House chief information officer. "It's not a matter of will they get in. It's what happens to your data once they get in."
It's estimated that nearly 1 billion records have been compromised in the last 10 years.
"That means everyone in this country should assume that their personal information is already compromised," said Robert Sicilano, an identity theft expert at BestIDTheftCompanys.com.
About 16.6 million people became the victims in 2012, according to a report from the U.S.Justice Department. The most common types of misused information: credit card(40 percent) and bank accounts (37 percent) information. The Justice Department estimates the cost of this crime was $24.7 billion in direct and indirect losses.
(Read more: Court halts robocalls aimed at senior citizens)
Most people find out they've been victimized when they are contacted by their financial institution. Fraud experts say we can't rely on someone else to catch the problem, though, and must take steps to protect ourselves.
"The longer ID theft goes on, the more damage is done and the longer it takes the victim to recover from it," said Eva Velasquez, president and CEO of the nonprofit Identity Theft Resource Center.
That's why it's so important to be on the lookout for any warning sign that your personal information has been stolen and is being used.
(Read more: Push is on to get 'kill switch' into smartphones)
"Surveys show nine out of 10 people don't check their financial statements," Siciliano said. "That's irresponsible. You shouldn't be waiting for a retailer to tell you there's been a breach. You should be checking your financial statements more than you check your Facebook page, but people's priorities are skewed."
Here are seven of the key signs that you are a victim of identity theft:
- Bills for goods or services you didn't purchase appear on your credit/debit card statements: Don't ignore small charges. Crooks who buy stolen account numbers sometimes do a test with a small purchase. If it's unauthorized, check it out.
- Statements show up for an unknown credit card account: Armed with the right information, a thief can apply for credit cards in your name. They hope to go on a shopping spree—in your name, of course—before they get caught and the account is closed.
- A credit card or store charge card that you didn't apply for shows up in the mail: An ID thief pretending to be you may have applied for that card. Don't assume it's a mistake. Contact the company right away.
- Collection notices or calls for a debt you don't owe: It could be that an ID thief is using your personal information to buy things and not pay the bill. You'd better find out.
- Errors(misinformation) on credit report: You have the right to a free report every 12 months from the big three credit bureaus (Experian, Equifax and TransUnion). Get a report from one of the bureaus every four months and look for anything suspicious, such as an account you didn't open or credit inquiries when you didn't apply for credit. Use annualcreditreport.com.
- You have good credit, but an application for credit is denied: Find out what's going on. An identity thief could have mucked-up your credit file and ruined your score.
- Missing mail or email: If the monthly statement from your bank or credit card company suddenly stops, that could signal an issue. A thief may have filed a change of address form to get that statement and keep you from spotting his dirty work for as long as possible.
"If you take five minutes to follow up on something that's out of the ordinary, weird or just doesn't make sense, you could save yourself a lot of headaches later on," Velasquez said. The Identity Theft Resource Center has a full list of ID Theft Red Flags.
Go on the offensive
Take steps now to reduce your risk of harm when your personal information gets stolen in a data breach.
(Read more: Identity thieves gear up to steal your tax refund)
That means using secure passwords and having different ones for different accounts. If the password for your online gaming service and bank account are the same, that's a real problem.
In her new book, "Privacy in the Age of Big Data," Theresa Payton has another recommendation: Have a unique email address that you use only for your financial accounts. Why? Because an email address stolen from a department store or social-media site can be the key to more fraud.
"If you use the same email address for everything and they steal that in a breach, the first thing they do is go to your financial accounts, ask for a password reset, and bingo—they are now able to access your financial life," she said. "People need to take matters into their own hands, and a separate email for financial services is a good place to start."