An estimated 13.1 million Americans were victims of identity theft-related fraud last year. That's up more than 500,000 people from 2012. According to a just-released Identity Fraud Study by Javelin Strategy & Research, someone in this country becomes a victim every two seconds.
And note, this survey of 5,600 consumers across the country was done in October, before the massive Target breach.
"This data clearly exposes just how ineffective current security practices have become," said Alphonse Pascual, a senior analyst at Javelin who co-authored the study. "The businesses we trust with our personal information have become easy targets."
(Read more: After Target breach, the fight's on for smart cards)
While the number of victims is up, less money was stolen: $18 billion last year, down $3 billion from 2012. One reason for the decline: Financial institutions are doing a somewhat better job of spotting fraud and shutting down accounts as soon as it's detected.
But to Adam Levin, chairman of IDentity Theft 911, this really isn't good news.
"It's not just about dollars and cents; it's about the victims," Levin said. "ID theft disrupts your life. It creates real havoc and sometimes the consequences are horrendous. We need to keep these criminals from breaking and entering databases in the first place."
Remember, when crooks steal this information, especially card numbers, they use it. For example, Javelin found that nearly half (46 percent) of the people who had their debit card number breached last year became fraud victims.
It's not just credit and debit cards
The bad guys are after any account that has money in it. So, they're also attacking noncredit card accounts, including eBay, Amazon and PayPal. Wireless phone accounts appear to be a favorite target. If they hack into your account, the crooks can order a new line and bill it to you, or charge you for premium text messages you didn't make.
(Read more: Seven signs you're a victim of identity theft)
This noncard fraud grew dramatically last year, tripling from 2012. Javelin estimates this fraud loss at $5 billion.
"They're changing tactics; they're spreading out," Pascual said. "In the past, they were focused on checking and savings accounts; now they're going after everything."
A new type of fraud
Identity thieves have changed their game plan a bit. They don't always open a new account when they steal your personal information. These days, they're more likely to take over your existing bank or credit card account. These account takeovers now represent about 28 percent of identity fraud losses.
"If you're not regularly monitoring your accounts, it could be a while before you realize something has happened," said Steve Schwartz, executive vice president of Intersections Inc., a fraud prevention company that co-sponsored the Javelin report.
With an account takeover, the criminals can lock you out of your own account by changing the log-in information. This creates a massive headache for the consumer and the company. How can they tell the real you from the ID thief pretending to be you?
Data breach notifications are not to be ignored
There were 619 reported data breaches last year, according to the Identity Theft Resource Center. Unfortunately, this crime has become so common that it's easy to ignore a breach notice. That's a big mistake.
Based on its survey, Javelin concludes that one in three people who were notified of a data breach last year became a victim of some sort of fraud. That's up from one in four in 2012.
(Read more: These card companies offer best fraud protection)
What does that mean for the Target customers who had their card numbers compromised?
"Based on past history, the odds are that of those 40 million people who had their card data stolen in the Target breach, a third of them will have some sort of fraud incident happen to them this year," Schwartz said.
So, if you get a breach notice take it very seriously, because statistics show you are at a higher risk of fraud. You need to contact the financial institution or retailer and take steps to protect yourself.