LabCorp, a medical testing company, said 7.7 million customers had their personal and financial data exposed through a breach at a third-party billing collections company.
It also said that AMCA has not provided "detailed or complete information" about the hack, including which customers might have been affected.
The American Medical Collection Agency told LabCorp that there was "unauthorized activity" on its payment collection page between August 1, 2018, and March 30, 2019, the U.S. Securities and Exchange Commission said in a filing.
The compromised personal data "could include first and last name, date of birth, address, phone" and "credit card or bank account information", according to LabCorp's SEC filing.More news: OH doctor accused of murdering 25 patients
AMCA does not store Social Security numbers for LabCorp patients, according to the collection agency.
AMCA is a New York-based company that provides medical debt collection services to health providers including Quest Diagnostics. In its announcement Monday, Quest said the breach may have exposed some of its patients' Social Security numbers. It said AMCA plans to offer affected customers identity protection and credit-monitoring services for two years.
"LabCorp is working closely with AMCA to obtain more information and to take additional steps as may be appropriate once more is known about the AMCA incident", LabCorp wrote in its filing.
AMCA, which works primarily with health care companies, said in a statement Wednesday that it learned of the breach from a security firm that works with credit card companies.More news: IKEA partners up with Ori on robotic furniture to help save space
"AMCA has informed LabCorp that it is in the process of sending notices to approximately 200,000 LabCorp consumers whose credit card or bank account information may have been accessed", the company said.
"We remain committed to our system's security, data privacy, and the protection of personal information", the company said.
Unfortunately, LabCorp still doesn't know who its affected customers are, because "AMCA has not yet provided LabCorp a list of the affected LabCorp consumers or more specific information about them".
LabCorp says it takes "data security very seriously, including the security of data handled by vendors".More news: Halep stunned by 17-year-old Anisimova