Federal and company investigators are looking into the security breach in the Seisint database, which was recently acquired by Lexis Nexis and includes millions of personal files for use by such customers as police and legal professionals.
Seisint also provides data for Matrix, a crime and terrorism database project funded by the U.S. government that has raised civil rights concerns.
Information accessed included names, addresses, Social Security and driver's license numbers, but not credit history, medical records or financial information, corporate parent Reed Elsevier Group PLC said in a statement.
"We sincerely regret the circumstances that were recently announced," Kurt Sanford, president and chief executive officer of Lexis Nexis corporate and federal markets, said in a statement.
This is the second such infiltration at a large database provider in recent months. Rival databasesaid last month that the personal information of 145,000 Americans may have been compromised by thieves posing as small business customers.
In the ChoicePoint scam, at least 750 people were defrauded, authorities say. The incident fueled consumer advocates' calls for federal oversight of the loosely regulated data-brokering business, and legislative hearings are expected.
Both data heists, says CBS News Technology Analyst Larry Magid, involve personal information stored in large commercial databases - whose security is beyond the control of consumers.
"As long as companies continue to warehouse information, consumers are sitting ducks for identity theft. This is not a case of people being careless about their passwords or documents or the security of their PCs," says Magid. "This is wholesale theft of consumer data and there is almost nothing individuals can do to prevent this type of hacking."
"The best defense," he adds, "is to keep a close eye on your bills, bank accounts and credit reports" - to watch for any suspicious or unusual activity.
Lexis Nexis will be notifying the estimated 32,000 affected customers in the coming days. CEO Kurt Sanford says the company will provide them with ongoing credit monitoring "and other support to ensure that any identity theft that may result from these incidents is quickly detected and addressed."
The company will also be tightening its ID and password requirements and administrative procedures.
"The U.S. law enforcement agencies have asked us not to say too much, as they are in the process of trying to track down the people who are responsible," said Reed Elsevier spokeswoman Catherine May.
The security breach, according to May, was discovered during internal checking procedures on customer accounts.