[BreachExchange] LabCorp data breach exposes information of 7.7 million consumers
Destry Winant
destry at riskbasedsecurity.com
Wed Jun 5 03:28:09 EDT 2019
https://www.usatoday.com/story/money/2019/06/04/labcorp-data-breach-7-7-million-consumers-affected/1346264001/
A day after Quest Diagnostics announced 12 million patients were
affected by a data breach, another medical testing company says its
patients' data was also compromised.
In a filing with the U.S. Securities and Exchange Commission on
Tuesday, LabCorp. said "approximately 7.7 million consumers" are
affected by a breach at third-party collections firm American Medical
Collection Agency, also known as AMCA.
According to the SEC document, the breach happened between Aug. 1,
2018, and March 30, 2019. Information that could have been exposed
includes names, addresses, dates of birth and balance information.
“AMCA’s affected system also included credit card or bank account
information that was provided by the consumer to AMCA (for those who
sought to pay their balance)," the SEC filing said. "LabCorp provided
no ordered test, laboratory results, or diagnostic information to
AMCA."
AMCA is the same collections firm who worked with Quest.
The filing says "Social Security Numbers and insurance identification
information are not stored or maintained for LabCorp consumers.”
The news was first reported by the KrebsOnSecurity security news
site.According to the SEC filing, AMCA is continuing to investigate
the incident and “has taken steps to increase the security of its
systems, processes, and data.
“LabCorp takes data security very seriously, including the security of
data handled by vendors. AMCA has informed LabCorp that it intends to
provide the approximately 200,000 affected LabCorp consumers with more
specific information about the AMCA Incident, in addition to offering
them identity protection and credit monitoring services for 24
months,” the filing said. “LabCorp is working closely with AMCA to
obtain more information and to take additional steps as may be
appropriate once more is known about the AMCA Incident.”
More information about the BreachExchange
mailing list