I did so much wrong that in retrospect, I’m amazed it didn’t happen sooner. And I’m still putting out the flames.

It was September 2002. I was working as a freelance journalist, living in Connecticut at the time. I was an Internet junkie and I used my debit and credit cards so often that I seldom carried cash.

My mailbox had no lock and was located in a common area where anyone could sift through it.

Fledgling freelancers dread mail and detest junk mail. You never know when the paychecks will come, but the bills are always on time, and the junk reminds you of the convenience you cannot buy, the lifestyle you cannot afford.

I usually threw out the junk mail without shredding it, but on this particular day, I noticed that one letter, from a Big & Tall clothing store, was heavy. I felt the rectangular outline of a credit card within it.

The accompanying bill was for $500.

Two more letters were from stores I never visited. I thought they were solicitations, and for a second, I almost felt good about them. If retailers thought enough of me to ask if I’d want their credit card, my credit had to be OK, right?

With increasing dread, I opened them. Bills for maxed-out credit cards now totaled $1,750. It dawned on me:

My identity had been stolen.

I wish I knew how. It might have been my Web purchases. How safe was my computer against raiding? I had no firewalls. And how closely did sites guard my info?

Police were no help; a patrolman just took a report. If I had not a clue as to how I was ripped off, what could he do?

I suspect that my data were taken from a local hospital. My next-door neighbor, whose last name also began with an S, also was a patient there, and hospital officials told him they had had patient identification information stolen.

Hospitals are among the easiest places to raid. Either a hacker gets into their computer systems or an employee steals the information.Apparently the thief had been using my identity to get immediate in-store credit, then maxing out the card, so my first awareness came when I got the bills.

The good news is that the theft of my identity cost me no money.

But it took a lot of prodding. Some of the companies I had to call or write seven or eight times. One was belligerent, telling me they had no record of my calls.

They were using consumer exhaustion tactics, strangling me in red tape. I think they would have been happier if I had just given up and they could write off the losses on my account.And that’s what’s really shocking about this. Obviously, I was ripe to be taken, but so were these companies. I think they are so eager for customers that they don’t care about theft.

Consider: A check of my credit report this week showed that the credit bureau

TransUnion kept several fraudulent accounts created by the thief on my credit report.

They were listed as “closed,” but TransUnion or the credit card companies should have removed them by now.

The moral is that once you’re a victim, it can take months, if not years, of work to clear your credit record – and you have to stay on it. And on it. And on it.

What’s especially galling is how credit card companies portray ID theft. Ever see the commercials where the pudgy, middle-aged guy laughs about somebody trying to bill him for a surfboard bought in Laguna Beach?

Notice the way the commercial implies that ID theft is a quick and easy fix?

How pathetic.

An estimated $33 billion was stolen via identity theft in 2003, according to a federal survey. The survey suggested that ID theft victimized 10 million people in 2003.

Is that funny?

Not to me, not now. Especially when I think about how complicated buying a house or new car would have been.

I think I am smarter about my personal business. Now I check my bank balances almost daily and my credit card balances monthly. I use cash much more often. Anything containing personal data is shredded.

My handling of credit card financial affairs is laced with a grim – and, I hope, more responsible – anger. My identity was stolen, and I got it back.

But I still feel burned.