More than 155 million personal records have been lost or stolen in the United States since 2005, and central Ohio has contributed heavily to the trend.

So far this year, Chase, Nationwide, Ohio State University and the Ohio Board of Nursing have reported that personal data such as Social Security numbers have been lost, stolen or compromised, and the Social Security numbers of every state employee in Ohio were stolen from the car of an intern this week.

Although the incidents sound scary, it's difficult to trace how often these types of data breaches translate into identity theft.

"If you are a victim and have been exposed to a security breach, in most situations there's no way to absolutely connect the dots between the breach and the ID theft," said Paul Stephens, director of policy and advocacy for Privacy Rights Clearinghouse, a San Diego consumer group.

"In all likelihood, it had an impact, but it's hard to prove."

Jay Foley, executive director of the Identity Theft Resource Center in San Diego, estimates that roughly 4 percent of the population has been a victim of identity theft.

About 9.9 million Americans were identity-theft victims in 2003, according to the Federal Trade Commission's most-recent statistics.

"If you have had your data stolen in a breach, statistically, you're maybe 1.5 (percent) to

2 percent more likely to become a victim."

It's difficult to link data breaches with identity theft because it could be years before stolen information is used to commit fraud.

When information is first stolen, "people get nervous and check their credit. If nothing happens, they forget about it after a few months," Stephens said. "But there's nothing to stop a criminal from setting (the information) aside for a year or two and then using it. Once the barn door is open, you can't lock it again."

About 40 percent of consumers knew within three months of the crime that they were a victim of identity theft, according to a survey by the Identity Theft Resource Center.

About 18 percent of victims said it took them at least four years to find out.

Most victims also have no idea how their personal information ended up in the hands of a criminal. Of all the victims of identity theft, about 20 percent know how their information was stolen, Foley said.

But experts say data breaches probably only account for a small part of the remaining 80 percent. Most stolen information comes from more low-level fraud such as credit-card skimming and deceptive e-mails, Foley said.

In most cases involving stolen equipment, there is little risk because the thief is interested only in the computer, not what's on it, said Keith Herath, chief privacy officer for Nationwide.

He estimates only about 5 percent of those thefts result in identity theft.

Still, it's a growing concern.

"In a work force that is increasingly mobile, sending sensitive information home with employees is very common," said Mike Spinney, communications director of the Ponemon Institute, a business and privacy research group.

"There are so many demands placed on workers to be more productive that downloading and transporting sensitive information is a common practice."

Columbus-based Nationwide is in the process of encrypting data on all of its laptop computers. In January, tapes containing the Social Security numbers of about 29,000 Nationwide Health Plans customers were stolen from a subcontractor's office in Massachusetts.

"In the long run, companies are waking up to the fact they need to do something about this and are putting policies into place, but it takes time," Foley said.

The motivation is partly financial. Data breaches cost companies about $182 in administrative costs for every record compromised, according to the Ponemon Institute.

Public image is another strong motivator. "No one wants to be the poster child for 'Whoops!' " Foley said.

dtrowbridge@dispatch.com