Companies that compile and sell billions of private records on Americans could face new regulatory pressure in the wake of revelations by ChoicePoint Inc., one of the largest such information brokers, that an identity-theft ring gained access to tens of thousands of its electronic documents.

ChoicePoint, a fast-growing repository of information ranging from driving and property records to insurance claims, said scammers posing as legitimate businesses opened 50 accounts and obtained access to various databases used for pre-employment background checks and public records searches.

"We think it's just the tip of the iceberg," said Los Angeles County Sheriff's Lt. Paul Denn.

The sheriff's office charged a 41-year-old Nigerian man, Olatunji Oluwatosin, with six felony counts including identity theft. Thursday in Los Angeles County Superior Court, Mr. Oluwatosin pleaded no contest to a single count of unlawful use of personal identification, and was sentenced to 16 months in state prison. Michael Enger, a public defender who represented him, said investigators won't get any help from his client. "He's not cooperating in any way whatsoever," he said.

Investigators said they believe data on up to 400,000 individuals may have been compromised. Police are seeking others involved in the alleged scam. ChoicePoint disputes that number and contends that closer to 145,000 personal records may have been breached, some of them duplicative. The Alpharetta, Ga., company has notified those it believes may have been affected. Police are still investigating to determine whether the identity thefts resulted in any financial losses.

The incident raises new alarms about companies that sell private data and their growing role as providers of information to law enforcement. Some critics believe the private data brokers have had too little government oversight and that all their databases should fall under regulations that govern credit reports.

Sen. Bill Nelson, a Florida Democrat, Thursday ordered his staff to study possible legislation that would expand the Federal Trade Commission's regulatory power to oversee information brokers the way it does companies that handle financial and medical records.

ChoicePoint was also the subject of controversy in 2000 over the involvement of a subsidiary, Database Technologies, in a purge by the state of Florida of alleged felons on its voter rolls. It was later discovered that many of those purged in fact weren't felons and actually had the right to vote.

Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, D.C., a non-profit privacy watchdog group, wrote to the FTC in December seeking an investigation of ChoicePoint and other companies for compliance with the Fair Credit Reporting Act, which requires credit-report providers to vouch for the accuracy of their information. Now, he says, "this ends the discussion on whether self-regulation works."

Sen. Dianne Feinstein, Democrat from California, recently introduced a bill that would require notification of consumers when their personal data have been compromised. A similar law in California, the only one in the nation, is the reason why ChoicePoint's fraud case came to light. The company said that even though the requirement to notify affected consumers exists only in California, it is notifying consumers throughout the U.S.

The current investigation involving ChoicePoint began in October when the company found the 50 accounts it said were fraudulent. According to the company and police, criminals opened the accounts, posing as businesses seeking information on potential employees and customers. They paid fees of $100 to $200, and provided fake documentation, gaining access to a trove of personal data including addresses, phone numbers, and social security numbers.

The account holders then made unauthorized address changes on at least 750 people, according to California police. Identity thieves often use this method to establish credit accounts that they can then use to make fraudulent charges, though it isn't clear whether any bogus charges were made in these specific cases before discovery of the fraud.

ChoicePoint, which was spun off from credit-report company Equifax in 1997, has rapidly transformed itself into a provider of information to various industries, from direct marketers to insurance companies and law enforcement. In the U.S., the company says it stores 19 billion public records.

James Lee, a spokesman for ChoicePoint, said the company has changed its process for setting up accounts, but declined to detail the changes. ChoicePoint said it alerted the three major credit reporting companies, Equifax, Experian and TransUnion, that fraudulent account holders may have used ChoicePoint's system to access their credit databases. Spokesmen for Equifax and TransUnion said they didn't know whether any of their information had been compromised. Equifax said its own investigation was ongoing.