Georgia-based ChoicePoint, which provides employers, marketing companies, and the government with personal information on nearly every American, says it mistakenly gave out data to criminals posing as legitimate clients.
"Through ChoicePoint's massive database, the thieves were able to view thousands of names, credit reports, social security numbers, and other types of information," said James E. Lee, chief of marketing for ChoicePoint.
"The reality is the information is very valuable to people; it can be sold on the market. You can commit identity theft and people will always find ways to break in and get access to that information," said Eric Gertler, the author of "Private Eyes.”
ChoicePoint was told of the security breach last October but only began notifying consumers a few days ago.
In California, the only state that requires notification, tens of thousands of warning letters have been sent out, though it's unclear if the company will do the same in other states.
"It's clearly the case that we need more government oversight," said Marc Rotenberg of the Electronic Privacy Information Center.
In fact, the only reason that we even know that a problem existed is because California took the step of passing a law to require companies like ChoicePoint to make known to the public when their personal information is wrongfully disclosed.
The information industry has been fighting increased regulation for years, saying it can effectively police itself. This latest incident, though, is likely to make that argument a much harder sell.