Serious data breaches continue to plague both businesses and government agencies and threaten the security of all of us.  Earlier this month I told you about a data breach that affected the records of 11.9 million patients of Quest Diagnostics one of the country’s leading blood testing companies.  The hack actually was of American Medical Collection Agency (AMCA), a billing collections company that works with Quest, however the personal information stolen was that of Quest and other companies working with AMCA.  The information stolen in this data breach is particularly sensitive and includes Social Security numbers, credit card numbers, bank account information and even medical information.  Due to the nature of the information stolen, anyone who had used Quest services between August 1, 2018 and March 30, 2019 should be aware that their information has most likely been compromised.

Due to recent required Securities and Exchange Commission  (SEC) filings we have learned of more companies working with AMCA that were affected by this massive data breach.  Specifically, 7.7 million patients of LabCorp, 422,600 patients of BioReference Laboratories and 500,000 patients of Carecentrix  were all affected by this same data breach with the sensitive information described above compromised in the data breach.  Attorneys general from Connecticut and Illinois are investigating the data breach and civil lawsuits against AMCA, Quest and LabCorp have also been filed.  I will keep you informed as to progress of these legal actions.


So what can you do to protect yourself from these and other data breaches?

If you have not yet frozen your credit with each of the three major credit reporting agencies, Equifax, Experian and TransUnion, you should do so now to protect yourself from possible identity theft.

To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:

One of the biggest lessons from the myriad of data breaches is to make sure that you use unique passwords for every online account that you have in order to avoid having a sensitive account, such as your online banking account compromised because you use the same password as you do for another relatively meaningless account that had poor security which led to a data breach in which your password was stolen.

Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear.  You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts.   Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.

Also, with your email address commonly known by many scammers, you can expect to receive more phishing and more dangerous specifically targeted spear phishing emails that attempt to lure you into clicking on links containing malware or try to convince you to provide personal information that can be used to make you a victim of identity theft.  Never click on links or provide personal information in response to an email or text message unless you are absolutely sure that the email or text message is legitimate.  The danger of information taken from the data breach at Quest being used for spear phishing emails is particularly high so if you were a customer of theirs, you should be skeptical of any communication you receive purportedly from them.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”