SAN JOSE, Calif. -- A California medical practice is alerting 185,000 current and former patients that their personal data might have been compromised, the latest in a string of security breaches exposing hundreds of thousands of consumers to potential identity theft.

San Jose Medical Group began sending letters to affected patients earlier this week after thieves stole two computers March 28 from its administrative offices.

The computers contained names, addresses and Social Security numbers, CEO Ernie Wallerstein wrote in the patients' letters, which California residents began receiving midweek. The computers contained billing codes that could be used to extrapolate medical histories and other sensitive data.

The San Jose Medical Group did not immediately return telephone calls or an e-mail Friday from The Associated Press.

San Jose Police Officer Enrique Garcia said it was unclear whether any patients have been victims of identity theft because of the computer theft. The police department's fraud unit is investigating.

The medical group's letters comply with a California law that took effect in 2003 and requires companies to notify residents whenever personal data has been compromised.

California remains the only state with such a law, but U.S. Sen. Dianne Feinstein introduced federal legislation in February that would require companies to disclose breaches to consumers nationwide.

After a series of corporate security problems in the last six months, attorneys general in dozens of states are demanding that companies send disclosure notices to residents outside California.

More than 9.9 million Americans were victims of identity theft last year, costing the nation roughly $5 billion, not including lost productivity, according to the U.S. Postal Inspection Service. The Federal Trade Commission ranks identity theft as the No. 1 fraud-related complaint.

On Feb. 15, data aggregation company ChoicePoint Inc. acknowledged it was notifying 35,000 Californians that con artists had accessed their data. After complaints from federal lawmakers and attorneys general in other states, the company began sending warnings to 110,000 consumers in other states.

On March 11, a thief walked into an office on the University of California, Berkeley campus and swiped a laptop containing personal information for 98,369 alumni, graduate students and past applicants. UC Berkeley has set up a toll-free phone hot line and a Web site.

In one of the state's largest security breeches, UC Berkeley warned 1.4 million Californians in October about a security breach that exposed the names, addresses, telephone numbers, Social Security numbers and birthdays of everyone who participated in a state in-home care program since 2001.

Universities have accounted for 28 percent of the 50 security breaches of personal information recorded by California since 2003, said Joanne McNabb, the chief of the state's Office of Privacy Protection. That's more than any other group, including financial institutions, which have accounted for 26 percent of the breaches affecting Californians.