The big TJX disclosure prompted me to take a look at the number of personal data records inappropriately disclosed. One such source is They have kept a record of public disclosures of data breaches since January 2005. Their very conservative count (including records of only US breaches with the possible exception of some of TJX in the UK and Ireland) puts the total data breaches over the last two years and 3 months at over 150 million. That’s half the population of the US! Looking through you can clearly see that they’ve not counted anything that is not publicly verified. So chances are good that your personal data has been lost in the past two years. Since this is a tough problem for corporations to handle, what might the solution be? One tactic I’d support is to make it harder to get credit. Sure it’s convenient to open a credit card the same day in your favorite store for a discount, but it stops thieves from getting one in your name too!