America is enduring a data breach epidemic. The latest annual study of the problem from Javelin Strategy & Research, a leading financial analytics research firm, says that 16.7 million people across the nation were impacted by I.D. theft in 2017 — an all-time high.

The problem is getting worse — much worse. Last year, 30 percent of U.S. consumers were alerted about data breaches by firms holding their personal information. In 2016, just 12 percent of consumers were so affected.

Social Security numbers were compromised in 35 percent of I.D. crimes last year; credit card numbers, in 30 percent of breaches. Account takeovers tripled in 2017. About 1 million smartphone and computer users had phony intermediary accounts established for them at Amazon, PayPal, and other commerce websites, according to a February article on cbsnews.com

Tax time is prime time for identity thieves. They would love to get their hands on your 1040 form, and they would also love to claim a phony refund using your personal information. In 2016, the I.R.S. had spotted 1 million bogus returns; in 2017, the number dropped to 900,000. This spring, initial data suggested even fewer cases of fraud would be identified, but the numbers are still too large.

E-filing of tax returns is smart; just make sure you use a secure Internet connection. When you e-file, you aren’t putting your Social Security number, address, and income information through the mail. You aren’t leaving Form 1040 on your desk at home (or work) while you get up and get some coffee or go out for a walk. If somehow you just can’t bring yourself to e-file, then think about sending your returns via Certified Mail. Those rough drafts of your returns where you ran the numbers and checked your work? Shred them.

The I.R.S. doesn’t use unsolicited emails to request information from taxpayers. If you get an email claiming to be from the I.R.S. asking for your personal or financial information, report it to your email provider as spam.

Use secure Wi-Fi. Avoid “coffee housing” your personal information away — never risk disclosing financial information over a public Wi-Fi network. (Broadband is susceptible, too.) It takes little sophistication to do this — just a little freeware.

Sure, a public Wi-Fi network at an airport or coffee house is password-protected — but if the password is posted on a wall or readily disclosed, how protected is it? A favorite hacker trick is to sit idly at a coffee house, library, or airport and set up a Wi-Fi hotspot with a name similar to the legitimate one. Inevitably, people will fall for the ruse, log on, and get hacked.

Look for the “https” and the padlock icon when you visit a website. Not just http, https. When you see that added “s” at the start of the website address, you are looking at a website with active SSL encryption, and you want that. A padlock icon in the address bar confirms an active SSL connection. For really solid security when you browse, you could opt for a VPN (virtual private network) service which encrypts 100 percent of your browsing traffic.

Check your credit report. Remember, you are entitled to one free credit report per year from each of the big three agencies: Experian, TransUnion and Equifax. Historically, asking these bureaus to freeze your credit file in case of suspicious activity has cost a fee. Beginning in fall 2018, you will be able to request a freeze from all three at no charge, thanks to a change in federal law.

Don’t talk to strangers. Broadly speaking, that is very good advice in this era of identity theft. If you get a call or email from someone you don’t recognize — it could tell you that you’ve won a prize; it could claim to be someone from the county clerk’s office, a pension fund, or a public utility — be skeptical. Financially, you could be doing yourself a great favor.

Information for this article was gathered at cbsnews.com, nextgov.com, forbes.com, nytimes.com, cntraveler.com and nbcnews.com

Tim Schumacher, CLU, ChFC, LUTCF, can be reached at (785) 625-3566 or tschumacher@htk.com