I worked at an ISP last year and out of thousands and thousands of users, we never had one issue where someone contacted us about having their data stolen from an online transaction. Nor did we ever have any of our systems breached in anyway way.
In that time frame, multiple people that I personally knew had their checking accounts hijacked, lines of credit setup in their name (and used), and even credit cards stolen from the mail. The world is full of paper just floating around detailed personal information about all of us.
A lot of times when somethign dubious is conducted online, it is because the user got duped into giving out their own information. They get an email saying, "Click here to verify your account with
www.citibank.com" and then they click the link and it goes to
www.34online23yahh.com and they put in their information and credit card number anyway, ddduuuhhh
In the unlikely event that an online system is breached and credit card numbers are stolen, it is dealt with swiftly. The credit card companies are informed within hours, the cards are cancelled, and new ones sent out. All the theives are left with is your name and address, which is pretty useless by itself. Tracking some over the internet is relatively easy due to all of the logging and tracking of internet communications. If someone takes a receipt from a restaurant, it might be weeks before you find out your card has been used by someone else.
While I will admit that the internet is not perfect for security, most identity theft currently happens from stolen mail, trash, and leftover receipts, not intercepting internet communications and data.