5 days ago
14
The data breach impacts individuals who had laboratory tests conducted at specific Planned Parenthood centres that use LSC's services.
LSC has confirmed data breach impacting 1.6 million individuals. (Photo: THICHA SATAPITANON/ Shutterstock)
Laboratory Services Cooperative (LSC) has confirmed a data breach that compromised the sensitive information of approximately 1.6 million individuals. The Seattle-based nonprofit, which offers centralised laboratory services to member affiliates, including select Planned Parenthood centres, reported the breach occurred in October 2024. The incident involved unauthorised access to LSC’s systems, resulting in the theft of data.
The breach affects individuals who underwent lab tests through certain Planned Parenthood centres that utilise LSC’s services. Although LSC has identified the impacted centres, it cannot confirm the specific individuals affected due to privacy considerations. The stolen data encompasses personal identifiers, medical information, insurance details, and billing and financial records.
This includes full names, Social Security Numbers, driver’s licences or passport numbers, dates of birth, government-issued IDs, medical service dates, diagnoses, treatments, lab results, provider and facility details, insurance plan types, insurer and member/group ID numbers, claims, billing details, and bank and payment card information.
“On October 27, 2024, LSC identified suspicious activity within its network,” reads the notice. “In response, LSC immediately engaged third-party cybersecurity specialists to determine the nature and scope of the incident and notified federal law enforcement. The investigation revealed that an unauthorized third party gained access to portions of LSC’s network and accessed/removed certain files belonging to LSC.”
LSC has informed the Maine Attorney General’s Office about the breach, which impacts 1.6 million people. The organisation is continuing its investigation with the assistance of external cybersecurity experts who are also monitoring the dark web for any signs of data exposure. Currently, there is no evidence that the stolen data has surfaced on dark web markets, forums, or extortion sites.
Affected individuals are advised to utilise the free credit monitoring and medical identity protection services provided by LSC for a period of 12 or 24 months, depending on their state. The enrolment deadline is 14 July 2025. For minors without Social Security Numbers or credit, a specific service named ‘Minor Defense’ will be available.
Legal options explored as Murphy Law Firm considers class action
Murphy Law Firm is exploring legal avenues, including a potential class action lawsuit, to seek compensation for those impacted by the breach. The stolen information places individuals at risk of identity theft and could potentially be sold on the dark web.
Earlier this month, US-based food manufacturing company WK Kellogg Co informed its employees and vendors about a data breach linked to the 2024 Cleo ransomware incidents. The breach involved the theft of company data by the Clop ransomware group. The attackers used two zero-day vulnerabilities, identified as CVE-2024-50623 and CVE-2024-55956, to gain access to servers and extract sensitive data.
Read more: WK Kellogg confirms data breach amid Clop ransomware incidents
More Relevant
close
Sign up to the newsletter: In Brief
Your corporate email address *
I would also like to subscribe to:
Vist our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
