With a few keystrokes, computer security expert Esteban Farao can find all the wireless networks in use in a half-block radius from a Starbucks.
One of them, it appears, is intended for guests at the Marriott. Others are private networks for individual businesses.
Farao, of Coral Gables, Fla.-based Enterprise Risk Management, said the security of any of those networks could be compromised -- a la Albert Gonzalez.
"It's a matter of time," Farao said, even for networks that are encrypted and password protected.
Premium content for only $0.99
For the most comprehensive local coverage, subscribe today.
Gonzalez, of Miami, pleaded guilty last month to 19 felony charges in a Massachusetts indictment for tapping into the computer networks of T.J. Maxx, OfficeMax and other stores, stealing customers' data and selling it overseas. Federal prosecutors say he stole 40 million credit card numbers as a part of that scheme. He faces charges that he stole millions more from other companies.
Whatever tools an identity thief is using, whether Dumpster diving for individual credit card numbers, or stealing identities by the millions -- "the damage that you can do to someone is exactly the same," said Wayne Ivey, a Florida law enforcement officer who has specialized in identity theft investigations for more than 15 years.
But this rapidly evolving crime is becoming more difficult to stop, Ivey said: Only one in 700 identity thieves is ever arrested.
"We're looking at a crime that has reached epidemic proportions," he said.
While a credit card company might forgive charges you claim you didn't make because your card was stolen, some craftier crooks can take the credit card information, coupled with other personal data, and apply for more credit, buy cars, a home, even get a job -- or get arrested -- using someone else's identity.
"The average person will expend over 400 hours trying to get their credit restored," Ivey said. "And the (Federal Trade Commission) estimates the average length of time between when identity theft occurs and the victim finds out is more than 12 months."
Much of the burden remains on consumers to protect themselves -- and urge companies to take better care of their customers' data.
"Hopefully, the American public will start to realize what's going on and push for more security," said Sean Arries, a security expert with Terremark in Miami. He helps companies detect security problems and provides advice on how to fix them.
While many major retailers have updated the security of their networks, many smaller stores have not.
A recent survey by the National Retail Federation showed that small merchants that have never been breached may have an unrealistic expectation of their security: 72 percent of them believe the risk their company faces from a data compromise is low, or not possible, while 67 percent of merchants who have been breached call the risk high.