Year in review: Data still the golden goose

Security breaches, phishing scams and malicious software could all help criminals get hold of useful data.

Year in Review: Data security

The Year in Review 2006

Data still the golden goose

The number of personal records exposed in data security breaches surpassed 100 million this year.

So says the Privacy Rights Clearinghouse, which has been keeping count ever since a high-profile data leak at information broker ChoicePoint in early 2005. It keeps track of thefts and losses of gear such as laptops, storage tapes and drives, as well as of hacking incidents and insiders who leak data.

The count climbed throughout 2006: Boeing, the Department of Veterans Affairs, Hewlett-Packard, McAfee, the University of California, and many others made headlines as a result of breaches.

Most incidents come to light because of laws requiring public notification of data loss in cases where data is unencrypted. In response, security companies are increasingly pitching encryption products for secure storage--for example, Seagate Technology is building it into its drives. Microsoft is also getting into the game: business versions of Windows Vista have a full-disk encryption feature called BitLocker.

But encryption technology still lacks usability, a panel of industry experts said at an event celebrating the 30-year anniversary of cryptography.

Meanwhile, banks and credit agencies are hawking credit-monitoring services. In September, researchers named several banks as a consumer's best bet in terms of offering protection against identity theft.

Breaches are only one way people's identities can be compromised. Phishing scams are getting more widespread, and fraudsters are getting trickier in their attempts to con Internet users. People with high incomes attract more phishing e-mails and lose more money to them than other Internet users, according to a November Gartner report.

Scammers are helped by an apparent influx of cross-site-scripting bugs. These Web security flaws could let attackers craft a URL that looks like it points to a trusted site, but serves up content from a third, potentially malicious site. This year, this type of bug was found in many popular Web sites and in Google's search appliances.

Phishing shields are now common. Microsoft has built one into its latest browser, IE 7, and Mozilla offers a similar feature in Firefox 2.

Alternative approaches to combat phishing include a new DNS service, OpenDNS, whose free address-lookup service blocks phishing sites and other threats. Yahoo added an antiphishing feature to its site that displays a custom image on the log-in screen to verify that it is indeed a Yahoo page.

But if confidential data isn't exposed through data breaches or pilfered through a phishing scam, there's still malicious software. Criminals are crafting more-targeted Trojan horse attacks that seek to sneak onto PCs through zero-day flaws, experts have warned. In addition, some malicious software is now designed to let cybercrooks surf into online banks with you to steal your money.

You could also be exposed while on the go. Privacy watchers warn that people carrying passports equipped with radio chips could have the information in the document read from a distance. The solution: keep the passport closed and in a foil bag.

--Joris Evers

2006 Highlights

Getting over laptop loss

There are some simple things you can do to reduce headaches after a laptop is stolen or misplaced.
June 30, 2006

Veterans Affairs faulted in data theft

Series of missteps led to exposure of data on millions, held up post-theft response, scathing report finds.
July 12, 2006

The security risk in Web 2.0

Security has become a no-brainer for desktop software, but the same doesn't hold true for the booming world of Web applications.
July 28, 2006

Researchers: E-passports pose security risk

New passports and ID cards with RFID are surprisingly easy to clone, researchers at Black Hat and Defcon say.
August 5, 2006

Security expert: User education is pointless

Most office workers can't be made to care about phishing, rootkits or spyware, he says. Other specialists disagree.
October 12, 2006

The future of malware: Trojan horses

Targeted attacks used for industrial espionage have become the nightmare scenario for big companies, researchers say.
October 13, 2006

Zombies try to blend in with the crowd

Hackers aim to make networks of hijacked computers go unnoticed by merging their communications with common Web traffic.
October 19, 2006

At 30, crypto still lacks usability, experts say

Government controls held back cryptography in the past, but today usability blocks adoption. Microsoft's Ray Ozzie promises a fix.
October 27, 2006

Seagate bakes security into hard drive

Company pitches "DriveTrust" technology as a simpler way to safeguard data stored on laptops and prevent embarrassing breaches.
October 30, 2006

UCLA break-in puts data on 800,000 at risk

For more than a year, an intruder has been accessing private information on students and staff, among others, the university says.
December 12, 2006

 
