LabCorp Facing New Class Action Alleging Negligence in Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

Laboratory Corporations of America Holdings, which does business as LabCorp, is facing yet another proposed class action – this the latest in a series of suits stemming from a breach of patient data last year.

LabCorp routinely collects and stores patients’ personal and medical information and often will provide a debt collection agency with this information in order to obtain payments on overdue invoices, the suit explains. One such agency is Retrieval-Masters, also known as the American Medical Collection Agency (AMCA).

According to the lawsuit, LabCorp provided AMCA with patient information that the latter stored on servers that were accessed by an unauthorized third party between August 2018 and March of this year. The breach reportedly affected nearly 12 million people, and exposed Social Security numbers, credit card information, and checking account numbers, among other sensitive data. Several other corporations also reportedly shared customers’ information with AMCA and now find themselves facing similar suits over the breach.

According to the complaint, LabCorp was made aware of the breach as early as May 14^th yet waited over two months to inform its patients–despite the fact that it pledged on its website to inform customers of such breaches within 60 days. Other estimates, however, have stated that the breach was discovered by AMCA long before May.

According to an earlier suit, American Medical Collection Agency was alerted to the breach by a third party on March 1^st of this year, yet claims to have had no knowledge of the incident until March 20^th. The collection agency reportedly alerted the public on June 6^th; LabCorp allegedly took over an additional month to do the same. The suit argues that this failure to issue a timely warning was negligent and made it harder for plaintiffs to protect themselves from identity theft.  

Although LabCorp was authorized to share information with AMCA, the suit accuses the company of negligence for storing the plaintiffs’ “protected personal information in an unprotected, unguarded, unsecured, and/or otherwise unreasonably protected electronic and/or physical location.” The suit further claims the hack could have been prevented, stating the unauthorized third party “could not have gained unauthorized access to Plaintiff’s information but for Defendant’s negligence.”

The complaint requests certification of a nationwide class of everyone whose information was affected by the breach, as well as a specific subclass for consumers in West Virginia.