A data breach at a collection agency appears to have expanded to another company, after LabCorp announced that up to 8 million of its customers may have been affected. The news comes a day after Quest Diagnostics disclosed that the information of 12 million of its customers was compromised in the same breach.
In a filing with the Securities and Exchange Commission yesterday, LabCorp disclosed it was notified by American Medical Collection Agency about unauthorized activity on the agency’s web payments page. This is the same kind of notification that AMCA sent to Quest Diagnostics.
AMCA has informed LabCorp that it is sending notifications to 200,000 individuals whose credit card or bank account information may have been accessed by the unauthorized activity. The list of individuals who information may have been stolen has not been sent to LabCorp by AMCA, according to the filing. Other information that may have been accessed included individuals’ first and last names, dates of birth, addresses, phone numbers, dates of service, providers, and balance information.
LabCorp said it has stopped sending accounts to AMCA and stopped AMCA from engaging in any collection activities on its accounts.
“AMCA has indicated that it is continuing to investigate this incident and has taken steps to increase the security of its systems, processes, and data,” LabCorp disclosed in its filing. “LabCorp takes data security very seriously, including the security of data handled by vendors. AMCA has informed LabCorp that it intends to provide the approximately 200,000 affected LabCorp consumers with more specific information about the AMCA Incident, in addition to offering them identity protection and credit monitoring services for 24 months. LabCorp is working closely with AMCA to obtain more information and to take additional steps as may be appropriate once more is known about the AMCA Incident.”
LabCorp did disclose that AMCA is a d/b/a for Retrieval-Masters Creditors Bureau, Inc.