The debt collection agency responsible for a data breach that compromised information on at least 20 million people has declared bankruptcy.
U.S.-based Retrieval-Masters Creditors Bureau Inc., which collects medical bills under the name American Medical Collection Agency (AMCA), filed for bankruptcy protection in the Southern District of New York. The filing comes after the company learned of a data breach lasting from August 1, 2018 to March 30 affecting information on millions of patients at testing firms Quest Diagnostics and LabCorp. AMCA’s four largest clients soon ceased operations with the company.
Affected companies included Quest, with information about some 11.9 million people involved, LabCorp with 7.7 million, Carecentrix with 500,000 patients hit, and Bio Reference Labs with 423,000 patients.
Numerous class-action lawsuits also have been filed, with plaintiffs alleging an unreasonable breach notification delay, a lack of reasonable data security and possible violations of the Health Insurance Portability and Accountability Act (HIPAA). Customer information exposed in the breach included Social Security numbers, names, addresses, birth dates and credit card details. Some of the data was listed for sale on dark web forums, according to Gemini Advisory.
The company in its Chapter 11 filing cites a “cascade of events” and “enormous expenses that were beyond the ability for the debtor to bear” as the reason for its bankruptcy.
It also describes paying $3.8 million to inform more than 7 million people about the incident, a cost that required the company to take a $2.5 million loan from its chief executive, Russell Fuchs. Security consultants and IT administrators brought in to help clean up the breach have also cost $400,000. Meanwhile, the number of employees has dropped from 113 to 25, according to the petition.
Chapter 11 protection would allow AMCA’s parent company to restructure its debts. AMCA will continue operating through the proceedings.
A copy of the Chapter 11 filing is available below.