Washington ? Federal agents are in a familiar position as they probe the computer-security breach at an Arizona firm that left credit-card data for some 40 million people open to theft: Once again, they’re playing catch-up.

Faced with the vastness of cyberspace, the technical prowess of the thieves and the runaway pace of technology, finding the culprits is no simple matter.

“Unfortunately, the nature of cyber crime, and identity theft, is such that law enforcement will probably always be involved in a game of catch-up,” said Paul Luehr, Minneapolis-based vice president for Stroz Friedberg, LLC, a national computer forensics and consulting firm.

The decline of face-to-face cash transactions and the growth of Internet commerce have made credit-related data thefts a regular occurrence and a high priority for federal law enforcement.

In the Arizona case, little is known about whether criminals are using the information that computer hackers stole from CardSystems Solutions, a credit card-payment processing company. But unconfirmed reports from Japan say that at least $1 million in fraudulent credit card-charges have been linked to the security breach. Officials at CardSystems declined to comment.

The break-in is the latest in a string of similar lapses that have left personal information for 58 million Americans – such as Social Security numbers, credit card numbers and addresses – vulnerable to theft.

Identity theft, in which such stolen information is used to obtain credit and make purchases in the victims’ names, is the nation’s fastest-growing crime. Losses from identity theft total $5 billion for consumers and $48 billion for financial institutions, according to a recent Federal Trade Commission study.

In response, the FBI, Department of Justice and Secret Service have beefed up their computer crime-investigation units. But experts say federal investigators have a tough row to hoe.

The computer-security breach at an Arizona firm that left credit-card data for some 40 million people open to theft has shown how law enforcement agencies investigating computer crimes are playing catch-up to thieves.

Computer crimes often are difficult to solve. Doing so can take years, and cyberspace provides criminals with anonymity and many ways to cover their footprints.

The technology changes so quickly that by the time criminal activity has been discovered the suspects may have moved on to different crimes and methods. Computer forensic evidence can disappear in days, leaving investigators with a cold trail.

And because the crimes are often carried out by organized gangs in Russia, Central Europe and Africa, the geographical, jurisdictional, language and legal barriers are sometimes insurmountable for U.S. law enforcement.

To handle these obstacles, FBI investigators are required to have extensive cyber-crime training. But agents who have that expertise often are called on to assist in other cases, which cuts into their cyber crime work.

“In some cases, to actually do the forensic exam, it can drag out because they do have to prioritize cases and sometimes lower level investigations may get backed up. So in many of these cases there is not a rapid turnaround,” Gibbons said.

Lynne Strang, a representative of the American Financial Services Assn., said data security had improved but remained an imperfect science.

“There’s still a lot of clever people out there who keep finding new ways to crack the system, so it really becomes a challenge to stay a step ahead,” Strang said.