TransUnion, along with Experian North America Inc. and Equifax Credit Information Services Inc., maintains credit histories on U.S. consumers that are used by lenders and other businesses for a variety of purposes.

The TransUnion breach is the latest in a series of high-profile data compromises this year involving companies such as ChoicePoint Inc., Bank of America Corp., DSW Inc., Reed Elsevier Inc.'s LexisNexis unit, Card Systems Inc. and several universities.

The rash of disclosures has raised consumer concerns about identity theft and prompted federal lawmakers to propose several new regulations.

Just last week, for instance. a subcommittee of the House Energy and Commerce Committee approved a bill that would require companies to notify consumers when their information is stolen. It would also require information brokers to tell the Federal Trade Commission about their plans for safeguarding private data for monitoring and periodic review.

If approved, the bill would override state laws such as California's much-touted SB 1386 Database Breach Notification Act and would serve as a national breach notification law. The proposed measure, however, requires companies to inform consumers of data breaches only if there is a "significant risk" of fraud.