According to today's Seattle Post-Intelligencer, developments are starting to accelerate in the story of the nation's ongoing wave of identity thefts. With Congress continuing its plodding pace toward regulating the financial institutions, retailers, and data processors that collect, store, and sell personally identifiable data, other parties are beginning to take matters into their own hands.

For instance, the companies victimized by these "hack attacks" are taking everything from half-measures to active measures in beefing up their security and mitigating the risk that data thefts will harm the innocent. ChoicePoint (NYSE:CPS) is leading the charge here, tightening its business practices -- even at the cost of lost revenues -- on the one hand while reaching into its own wallet with the other hand to fund credit monitoring for at-risk consumers. Not far behind are co-data processor Reed Elsevier (NYSE:ENL), discount brokerAmeritrade (NASDAQ:AMTD), and bankerCitigroup (NYSE:C), all of which are taking similar measures to deal with their respective lapses in security.

Enter a new player in this already chaotic field: the National Association of Attorneys General. More than a month ago, credit processor CardSystems Solutions suffered a security breach that put data on 40 million individuals at risk. Alarmed that CardSystems still hasn't advised the persons affected, the AGs are demanding an explanation from the company.

According to news reports, CardSystems never informed any potential victims of the breach, despite the likelihood that at least 200,000 of the 40 million records were not just left open to theft but actually stolen. This breach -- the largest on record by a factor of 10 -- was not revealed at all until MasterCard, one of several card issuers whose customers were endangered by the hack attack, blew the whistle.

Now the AGs are hopping mad and have given CardSystems until July 25 to explain what it has done, and what it plans to do, to clean up this mess. It's a good thing for consumers that the AGs are taking matters into their own hands. At the rate Congress is moving on this crisis, no legislation to tighten security of confidential information is expected to see the light of day before fall 2005.

Investors, on the other hand, must now beware a flurry of lawsuits being filed -- a la the case of Elliot Spitzer v. Everybody. That's as opposed to a tardy, but at least well-thought-through, packet of legislation from Congress. Whatever good it does for consumers, a wave of lawsuits would do the defendants' stock prices no good at all.

Read more about who's stealing -- and who's misplacing -- your identity in:

Fool contributor Rich Smith owns no shares in any company mentioned in this article.