Quest Diagnostics, one of the largest blood testing companies in the country, says as many as 12 million customers could have had their medical and financial information compromised.
The company, in an 8-K filing with the Securities and Exchange Commission, said that at some time between August 1, 2018 and March 30, 2019, an unauthorized user breached a billing collections vendor.
The information on the impacted system included:
- Credit card numbers
- Bank account information
- Medical information
- Other personal information, including Social Security Numbers
Quest Diagnostics’ laboratory test results were not provided to the vendor, AMCA, and were not compromised by the incident.
Quest said in the filing it had learned of the breach on May 31.
“Quest Diagnostics takes this matter very seriously and is committed to the privacy and security of patients’ personal, medical and financial information,” the company said in the filing.
It’s a significantly bigger security breach than the one Quest experienced in late 2016. In that incident, the health information of 34,000 customers was breached. Last December, a hacker attack on HealthCare.gov exposed the personal data of 75,000 users.
More must-read stories from Fortune:
—This year’s tech IPOs are raising $2.2 billion on average
—Apple Powerbeats Pro vs. AirPods: Everything you need to know
—Inside the innovation labs at Levi’s, Ford, and Facebook
—Business is betting on a quantum leap in computing
—Listen to our new audio briefing, Fortune 500 Daily
Catch up with Data Sheet, Fortune‘s daily digest on the business of tech.
