The recent indictments linked to computer-data thefts from several retailers, including TJX Cos., are a welcome sign that law enforcement is beginning to get a handle on such crimes. But we still have far to go: Sophisticated hackers exploit the sometimes lax ways in which information is stored and transmitted, and are skilled at evading detection. Further, the Internet’s global reach frustrates law enforcement’s traditional boundaries.

Almost by default, the Secret Service has become the agency charged with pursuing geography-defying identity thieves. But it lacks the resources needed to truly make a dent in this fast-growing crime. More recently, with the crackdown on illegal immigrants, U.S. Immigration and Customs Enforcement, an arm of the Department of Homeland Security, has entered the picture. But the overall effort remains modest and fragmented.

Earlier this month, federal prosecutors announced indictments against 11 men, accusing them of operating a massive, global, data-theft ring. The alleged theft went well beyond TJX Cos. (parent of TJ Maxx)Marshalls and other chains, which made headlines last year when it disclosed a breach affecting millions of credit- and debit-card customers. The government’s indictment states that the theft actually extends to nine major U.S. companies (including an apparently surprised Barnes & Noble). The ring is accused of stealing more than 41 million card numbers, many of which it has sold to other criminals. Among the accused are one American who was a Secret Service informant, as well as men from Estonia, Ukraine, China and Belarus. The charges range from conspiracy and fraud to identity theft.

Up to this point, in the case of TJX Cos., the thefts have been dealt with civilly. Banks sued the retailer for lax security, and have won settlements worth several million dollars. The other major costs have included replacing compromised cards and covering fraudulent charges. Most of the financial damage does not directly affect consumers, who are largely protected against unauthorized use of their accounts. But one way or another, the costs will be passed along. And many victimized customers have had to spend several frustrating hours rectifying the damage. Others do not yet know their data have been stolen, and funneled, allegedly, to huge data servers in Ukraine and Latvia.

This case is apparently the largest data-theft case yet prosecuted by the United States. It ought to serve as a wake-up call that U.S. cyber-security vastly needs improving (in government as well as in the private sector). In addition, the nation badly needs an umbrella agency devoted to these kinds of crimes, which are only bound to increase as computerized data spread. Federal laws concerning data protection and identity theft must be strengthened, along with criminal penalties. Thus far, in terms of consumer protection, the states have primarily led the charge. It is time for a vigorous national response. Meanwhile, paying by cash is looking better and better.