A data breach at a billings collections agency has compromised over 7.7 million LapCorp customers, placing them in danger of identity theft and possible scams. The S&P 500 company's announcement came just a day after clinical laboratory operator Quest Diagnostics reported a similar security breach that affected 12 million of its patients.
It is not yet clear if the incidents were related, but LabCorp announced earlier this week that it is already in the process of contacting its affected customers.
According to the company's filing with the US Securities and Exchange Commission (SEC), the unauthorized access to the third-party database had occurred sometime between August of last year and at the end of last month. The firm kept most of its record with a third-party billing collections firm called American Collections Agency (AMCA).
The SEC filing further revealed that the compromised information included data such as its customer's full name, date of birth, phone number, address, provider, and balance information. Some customers, who had recently paid their balances, might have also had their credit card and banking information compromised.
LabCorp did assure its customers that lab results, social security numbers, and insurance information were stored in a separate in-house database. This, of course, leaves little comfort to those who have been affected as they could become the victim of identity theft if the data falls into the wrong hands.
LabCorp is apparently well aware of this, which is why they are now offering affected customers free identity protection and credit monitoring services for the next 24 months.
Apart from LabCorp, AMCA is reportedly also getting in touch with affected customers. Both companies are apparently working together to get to the bottom of the breach and to plan the next actions to take to prevent another breach from happening.
AMCA was reportedly first notified of the breach by Krebs on Security, prompting it to immediately take down its payments page to prevent any further access from the culprits. AMCA has since hired a third-party external forensics firm to investigate the security breach.
Meanwhile, the company has moved its online payments system to a third-party provider. The appropriate authorities have also been notified of the incident and an investigation will likely be underway.
A day prior to the AMCA breach, New Jersey-based laboratory Quest Diagnostics reported a similar data breach that affected around 11.9 million of its patients. The company confirmed that some of the information that was hacked included social security numbers, medical, and financial data.
