Identity theft can happen with different levels of impact to you. I will provide 2 examples:
1) someone gets your credit card number and uses it. The impact is not good but it is easily contained and repaired.
2) someone gets alot of your personal information and work their way through all of your accounts (draining them) and get loans and purchases in your name. (
nightmare).
Personally, I limit any purchase activity or accounts (where I have to enter personal information) on the internet to large large companies. Even with that I only do a few. And being a large company is not guarantee of competence and diligence on their part. But at least they have the resources to secure their web sites. Many companies are not willing to spend the money to secure their sites. Why, because they would in many cases have to rewrite it. Most were not written securely to begin with. Even if they have a firewall and secure network, the site is likely to not be secure and is vulnerable to exploit. This is the whispered secret at most companies no matter the size of it.
To everyones shock and dismay they will learn one day that most (perhaps 90%) companies on the internet (especially small and micro companies) do not have adequate knowledge, procedures, technology, and controls to keep the data or web site from being compromised.
I am sure I will have a couple of IT people pipe up and dispute this. Usually some network technician or programmer. Don't pay any attention to them. Most IT people have absolutely
little to no knowledge about defense in depth other than maybe reading an article about it.... most don't even do that. Plus there are ever emerging vulnerabilities that present new attack vectors that allow criminals to break into companies.
You should be cautious. Criminals are getting much more sophisticated. In fact organized crime rings are getting into the act because it is lucrative. Phishing is the one of the most common social engineering exploits of your computer (be careful clicking on links in email). And make sure any sites you do business on are legitimate (not a fake/impersonator). There are many, many exploits that you have not heard of. And the way you get exploited may have nothing to do with anything you did (except giving some company your data legitimately). Today criminal try to go undetected so they have time to sell off the data to other criminals or to commit fraud themselves.
Make sure you have a full security suite on your computer and keep the security software and your computer patched and up to date. At home, put a hardware firewall or at least a router (a NAT) between your computer and the modem... be sure to change the router's admin password and use a strong password. If you have a wireless router at home... same goes on the admin password, but also encrypt the traffic using WPA or WPA2.
Always use strong passwords on accounts. If you have online accounts with financial institutions and they offer 2-factor authentication... take them up on it and get the device.
Lastly, and probably more important... shred paper documents that have sensitive information before you throw them in the trash. Some people are starting to use mail boxes that lock to ensure someone cannot easily steal their mail.