The Choicepoint incident
by staff on 23 February 2005, 00:00
Categories: General news - Security
Topics: Choicepoint, Identity theft, SB 1386
The California Attorney General’s office said Wednesday it is making inquiries into whether Choicepoint was complying with state laws before it released private financial data on 145,000 people to criminals operating a scam.
Choicepoint, a data gathering company, reported last week that it gave out the personal financial info in October to what it thought were reputable businesses. The announcement left lawmakers, consumers, and credit card companies all screaming for tighter controls. Choicepoint’s stock has fallen more than 7 percent to $42.17 since news of the security breach first leaked last week.
California Senate Bill 1386 requires companies that have customers in the state to report any potential release of those customers’ personally identifiable information. Choicepoint notified 35,000 Californians last week and, on Monday, said it would alert another 110,000 Americans of the problem.
State law also requires any company handling private financial information to maintain adequate security to protect it. The attorney general’s office has asked Choicepoint to explain what controls it has in place, including “a description of the procedures and practices Choicepoint maintains to prevent unauthorized access to personal information,” according to the attorney’s letter.
Choicepoint said in a release that it first noticed the “possible signs of fraudulent activities” in October and informed the Los Angeles County Sheriff’s Department. The department reportedly requested that the company not make its suspicions public until it had ample time to investigate.
The department arrested a Nigerian citizen living in Los Angeles, who has since been sentenced to 16 months in prison, Choicepoint said in a statement.
The scam was old-fashioned, simple, and didn’t involve hacking. According to Choicepoint, the criminals responsible for accessing the private data had formed several phony companies and used Choicepoint’s small business information service to collect personal data. Each company collected just enough data to fly under the radar. Together, the pieces painted an almost-full financial portrait, from Social Security numbers to credit reports.
There have been 45 major security breach announcements since California passed SB 1386 in July 2003, according to Joanne McNabb of the California Department of Consumer Affairs’ Office of Privacy Protection.