Hmmmm, are any of those SSNs California residents? If so then the company who lost the information has to notify all of their clients that reside in California of the compromise. (If memory serves me correctly)

Just speculating.