Around 7.7 million LabCorp customers impacted from AMCA data breach

• Possible information exposed includes first and last names, dates of birth, addresses, phone numbers, dates of service, providers and balance information of customers.
• Credit card and other bank information are also reported to be affected.

Laboratory testing giant, LabCorp has disclosed that data belonging to around 7.7 million customers were affected by a massive breach that occurred at its third-party vendor firm American Medical Collection Agency (AMCA). This same firm was also responsible for revealing personal and financial information of nearly 11.9 million customers of Quest Diagnostics, due to a compromised web payment page.

The big picture

• A filing made by LabCorp to the U.S. Securities and Exchange Commission (SEC) mentions an unauthorized activity on AMCA’s web payment page between August 1, 2018, and March 30, 2019, that led to the breach. (Quest Diagnostics’ breach also occurred around the same time.)
• LabCorp said that information exposed include first and last names, dates of birth, addresses, phone numbers, dates of service, providers and balance information of customers.
• Furthermore, it said that credit card or bank information provided by customers to AMCA are also likely to be affected.
• The company also told that AMCA is in the process of sending notices to over 200,000 LabCorp customers whose bank information were affected.

Social Security numbers unaffected

LabCorp’s filing also mentions that certain parts of information such as Social Security numbers were not involved in the breach. “LabCorp provided no ordered test, laboratory results, or diagnostic information to AMCA. AMCA has advised LabCorp that Social Security Numbers and insurance identification information are not stored or maintained for LabCorp consumers,” reads the filing.

The company told that it is working with AMCA to know more about the incident as well as in taking appropriate countermeasures regarding the incident.