Many companies that handle sensitive data also have systems that enforce encryption rules and prevent most workers from copying sensitive data, Clawson noted.

Some organizations have resorted to far more "draconian" methods to try to prevent this type of theft, Clawson said. For a time, many U.S. government agencies filled USB ports with hot glue and drove plastic screws into microphones in an effort to prevent access to them, he said.

The FBI collected some of the customer data allegedly stolen by Rebollo by working with confidential witnesses who agreed to buy the data from one of Rebollo's customers, Wahid Siddiqi, who was also arrested last week. The witnesses then turned the data over to the FBI agents. Countrywide matched those numbers provided by the FBI with its own internal spreadsheets, confirming that the names were from its customers and were paired with accurate Social Security numbers.

In two years, Rebollo estimated he earned $50,000 to $70,000 on the activity. His Countrywide salary was $65,000 per year, according to the documents.

Rebollo initially cooperated with FBI agents, describing his actions to them and willingly giving them one of his home computers and a thumb drive, according to the affidavit. But he later seemed to have changed his mind. A few days after his meeting with the agents, Rebollo's lawyer told the FBI that he had decided to revoke his consent to search the drive and the computer.

Rebollo, who faces as much as five years in federal prison if convicted, was released on an $80,000 bond last week even though he doesn't appear ready to give up his activities, at least according to the affidavits. FBI agents said that six days after they spoke with Rebollo, when he described how he stole and sold the data, he called a witness offering to sell him more Countrywide customer names.