Continued from page 2

Other big attacks included some 130 million card numbers stolen from payment processor Heartland Payment Systems in 2008 and as many as 100 million accounts lifted in a break-in at TJX Cos. in 2005 and 2006. Many smaller ones go unpublicized.

Consumers are at a disadvantage because companies often leave their privacy policies intentionally vague, yet lengthy with legalese.

In any case, few people bother to read them at all. Carnegie Mellon University researchers found it would take the average person 40 minutes per day to read through all the privacy policies that person encounters online.

“Sadly, the consumer can do absolutely nothing to protect themselves,” said Bruce Schneier, a prominent security blogger and chief security technology officer at the British telecommunications operator BT. “When you give your data to someone else, you are forced to trust them.”

If you say no, he said, “that’ll mean living in a cave in the woods.”


Associated Press Writers Kelli Kennedy in Plantation, Fla., Carolyn Thompson in Buffalo, N.Y., and Sarah Brumfield in Baltimore, AP Personal Finance Writer Dave Carpenter in Chicago and AP Technology Writer Joelle Tessler in Washington contributed to this report.