The collection agency that was involved in a data breach that compromised the personal and financial information of more than 20 million individuals has filed for bankruptcy protection, saying it could not afford the expenses of dealing with the breach’s fallout.
A copy of the company’s bankruptcy filing from the Southern District of New York can be accessed by clicking here. An accompanying motion that details the situation can be accessed by clicking here.
Retrieval-Masters Credit Bureau, which operated under the name of American Medical Collection Agency, is the subject of numerous class-action lawsuits and inquiries from state and federal lawmakers after it disclosed that unauthorized users accessed its online payments portal and were able to obtain the names, phone numbers, bank account information, credit and debit card information, and Social Security numbers of accounts that were placed with the agency. Quest Diagnostics has announced that 12 million of its customers were impacted by the breach. LabCorp has disclosed that 7 million of its customers were affected. And Opko Health said that at least 423,000 of its customers had their information compromised.
The company has spent nearly $4 million mailing out more than 7 million notices to individuals who were affected by the breach, according to the company’s bankruptcy filing. Russell Fuchs, the company’s Chief Executive, has loaned the company $2.5 million of his own money to help cover the expenses. The company has also spent $400,000 on outside security experts so far.
In a declaration filed alongside its bankruptcy petition, the company announced that it learned of the breach in March 2019 when it received a series of “CPP Notices” that “suggested that a disproportionate number of credit cards that at some point had interacted with the Debtor’s web portal were later associated with fraudulent charges.” The company shut down its web-based payment portal and hired outside consultants who confirmed that the company’s servers had been hacked. The company said it spent more than $1 million building its “proprietary, server-based, network-connected system.”
When it found out about the breach and notified its customers, four of its largest clients immediately severed ties with the agency, the company said in its bankruptcy filing. The company has reduced its workforce from 113 employees at year-end 2018 to just 25 currently.
“The Debtor no longer is optimistic that it will be able to rehabilitate its business,” Fuchs said in his declaration, adding in a footnote that while the company was “encouraged by the emergence of some significant clients that expressed an interest in continuing business with the Debtor, that prospect was quickly undermined by Visa and Mastercard, who insisted on onerous and impossibly expensive conditions (including the likely imposition of contractual ‘fines’) on the Debtor’s going-forward ability to accept credit card payments (which they gave no assurances would be processed even if the conditions were met) in what seemed to me to be short-sighted refusal to work in good faith with a long-standing customer with which they had never had any issues before.”