Names, addresses, driver's license records and Social Security numbers of about 30,000 consumers may have landed in the hands of criminals.
LexisNexis, a major compiler of public consumer information, said the theft occurred at its subsidiary, Seisint, the New York Times reported.
The announcement comes on the heels of other security breaches. Data broker ChoicePoint said records of about 145,000 consumers were accidentally sold to criminals. Bank of America also revealed that backup computer tapes with information on more than 1 million customers had been lost.
Congress is already calling for tighter security procedures at companies that compile and sell consumer information, and this latest incident may intensify the issue. Several consumer privacy bills have been introduced.
Privacy advocates contend that the companies basically police themselves because the state and federal laws governing the industry are vague or contradictory.
"I personally see no socially redeeming value in anyone having the right to give away and sell my personal information unless I approve it," the chairman of the House Energy and Commerce Committee, Joe Barton, told the newspaper. "Under current law these companies have a legal right to package it and do almost anything they want to do with it," the Texas Republican said. "I just think that's fundamentally wrong. And in the Internet age, it's dangerous."
LexisNexis said it would notify affected consumers and help them monitor their credit reports and suspicious activity for one year. More than a third of the people affected in the security breach live in California, but Massachusetts, New York, Florida and Texas residents were hit hard too.
LexisNexis said it did not appear as if a hacker had attacked its system; rather, the theft involved databases acquired last July through the $775 million purchase of Seisint. The Federal Bureau of Investigation and the Treasury Department are investigating, the Times reported.
U.S. Sen. Charles Schumer, D-NY, who has been vocal critic of the data broker industry said, "If we do nothing, identity theft is going to go through the roof. It really means we should get on the stick and do something here. We're in the Wild West where companies can do anything they want."