Over 1.6 million individuals compromised in Laboratory Services Cooperative data breach

Laboratory Services Cooperative said it suffered a significant data security incident last year that compromised the sensitive personal information of approximately 1.6 million individuals.

 

Headquartered in Seattle, Washington, Laboratory Services Cooperative is an independent clinical laboratory that provides services to several planned parenthood centres across the United States.

 

In a data security incident notice filed with the Offices of Maine and California Attorney Generals, LSC said that on October 27, it detected suspicious activity in its internal network. The company launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“The investigation revealed that an unauthorised third party gained access to portions of LSC’s network and accessed/removed certain files belonging to LSC,” reads the notice.

 

The compromised data included names, addresses, phone numbers, email addresses, Social Security Numbers, driver’s license or state ID numbers, passport numbers, dates of birth,  dates of service, diagnoses, treatments, medical record numbers, lab results, health insurance details,  bank account details (including bank names, account numbers, and routing numbers), payment card details, balance details and more.

 

The company’s filing with the Maine state regulator also revealed that it identified at least 1.6 million individuals who were impacted by the incident.

 

“Upon detecting the suspicious activity, we moved quickly to investigate the incident and secure our environment. We then conducted a thorough review to determine whose information may be potentially involved.

 

“The cybersecurity specialists hired by LSC are using tools and techniques to scan various dark web forums, marketplaces, and other platforms. As of this writing, they haven’t found any evidence that information involved in this incident is on the dark web,” LSC added.

 

LSC has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

It has also offered complimentary identity protection and credit monitoring services through CyEx to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on LSC. The company also did not share details on who was behind the attack or whether it has received a ransom demand.