The concern is that the fraudsters may use this information, which includes names, addresses, social security and drivers' license numbers, to impersonate the victims at a later date.
LexisNexis, a subsidiary of publisher Reed Elsevier, said that the incidents took place at its recently acquired Seisint unit – a data broker which sells information to credit agencies, law enforcement and private investigators – after criminals impersonated legitimate customers of the firm.
The information leak, which did not include the credit history, medical records or financial information of individuals, was identified as part of an ongoing review of the verification, authorisation and security procedures and policies across the risk management businesses, according to LexisNexis.
The company apologised for the breach and confirmed that it would notify all those involved and provide them with ongoing credit monitoring and practical support to ensure that any identity theft was quickly detected and addressed.
The FBI is investigating.
The announcement comes just weeks after rival US credit data firm ChoicePoint warned over 100,000 customers that their personal and financial details may have been sold to identity thieves.
Identity theft is an increasing problem for both financial institutions and for consumers. Last week UK consumer group Which? released a survey showing that one quarter of UK adults have had their identity stolen or know someone who has been a victim of ID fraud.
The group also warned that finding the basic information needed to steal an identity is easy.
One target for this information appears to be credit data companies, which store and sell personal data on a vast number of adults worldwide.
In the US concern is rising about how information on these huge databases is used and protected. Senator Patrick Leahy, who will testify today at the Senate Banking Committee's hearing on privacy breaches of personal and financial data, questioned the security currently used by data brokers.
"This is the latest window on security weaknesses that jeopardise the personal information that data brokers hold about every American, and the view is a chilling one," he said. "We are vulnerable not only to run-of-the-mill thieves but also potentially to sophisticated scams, organised crime or even terrorists."
"We need to think proactively and treat these data troves with the same level of care and protection that we would any other valuables. Our peace-of-mind, our economy and even our nation's security depend on it," he added.