Subscribe To Our Newsletter
Subscribe To Our Newsletter
Laboratory Corporation of America Holdings, widely known as Labcorp, has agreed to a $35 million settlement to resolve a class action lawsuit stemming from a massive data breach at a third-party medical debt collection agency. The security incident, which occurred between August 2018 and March 2019, exposed the highly sensitive personal and medical data of millions of patients nationwide, leaving everyday people vulnerable to identity theft and medical fraud.
The multidistrict litigation, titled In re: American Medical Collection Agency, Inc., Customer Data Security Breach Litigation, is currently pending in a New Jersey federal court under case number 19-md-2904. The legal battle began after a devastating seven-month data breach at Retrieval-Masters Creditor’s Bureau, doing business as American Medical Collection Agency (AMCA). Labcorp had hired AMCA to manage and recover outstanding medical debts from patients.
According to the class action lawsuit, AMCA and the companies that utilized its services failed to implement reasonable cybersecurity protocols to protect confidential patient data. Because Labcorp provided AMCA with patient files to pursue unpaid bills, millions of consumers had their personal information compromised when hackers infiltrated AMCA’s computer systems. Plaintiffs argued that Labcorp shared this information without ensuring it would be properly safeguaged, violating basic privacy standards.
While the data breach itself took place over a multi-month window starting in late 2018, the legal battle to hold the responsible corporations accountable has spanned several years. Everyday people have fought for justice through complex legal channels, culminating in a significant breakthrough for affected consumers.
On April 21, 2026, a federal judge granted preliminary approval to the $35 million settlement agreement. This critical milestone paved the way for the official claims process to begin, allowing affected individuals to step forward and seek financial compensation. The court has scheduled a final approval hearing for August 20, 2026, where the judge will decide whether to officially finalize the terms of the settlement. If approved, and after any potential legal appeals are resolved, the settlement administrator will begin distributing cash benefits and services to qualifying class members.
The data breach at AMCA was particularly alarming due to the sensitive nature of the information involved. When a debt collection agency handles accounts for a medical diagnostic company like Labcorp, they handle more than just standard billing details. The computer systems compromised during the seven-month hack contained private details that identity thieves value highly.
The breach exposed personal and medical privacy data, including patient names, contact information, dates of birth, balance details, and data related to medical laboratory services. When such deeply personal information falls into the wrong hands, it can lead to devastating consequences. Victims of medical data breaches often face a heightened risk of targeted phishing scams, fraudulent medical billing, and long-term identity theft that can take years and thousands of dollars to untangle.
If you were affected by this data breach, you may be eligible to receive significant financial compensation through this settlement. The agreement outlines two distinct paths for cash payouts, depending on how the data breach impacted your life.
First, class members who suffered documented out-of-pocket losses can submit a claim for up to $5,000. This tier of compensation is designed to reimburse you for actual financial damage caused by the breach. Eligible expenses include costs related to identity theft or fraud, credit monitoring services, legal fees, notary fees, faxes, and postage. Within this category, you can also claim compensation for lost time spent trying to resolve issues related to the breach. You can claim up to 10 hours of lost time at a rate of $25 per hour, for a maximum of $250. To qualify for this out-of-pocket reimbursement, you must submit valid supporting documentation, such as receipts or bank statements.
The legal teams involved recognize that not every data breach victim has the time or paperwork to prove exact financial losses. Because everyday people shouldn’t have to jump through endless hoops to hold companies accountable, the settlement offers a simpler secondary cash option.
If you do not have documented losses but still want to claim a cash benefit, you can opt for an estimated $50 alternative cash payment. This option does not require you to provide any receipts or proof of identity theft. However, consumers should note that both the $50 alternative payment and the $5,000 documented loss cap are subject to pro rata adjustments. This means the final cash amounts could increase or decrease depending entirely on how many valid claims are filed before the deadline.
In addition to cash payouts, all participating class members are eligible to receive two years of CyEx Medical Shield Pro. This specialized credit and identity protection service includes targeted medical information monitoring and identity theft insurance to help secure your peace of mind moving forward.
The lawsuit highlights a growing trend of class action litigation aimed at protecting digital privacy and enforcing strict corporate data security standards. When companies collect intimate medical and financial data, they assume a legal and ethical obligation to protect it. Laws governing medical privacy, alongside state consumer protection statutes, form the legal backbone of cases like this one, ensuring that large corporations face real consequences when they cut corners on cybersecurity.
It is important to note that while Labcorp has agreed to pay $35 million to settle its portion of the multi-district case, the legal battle is far from over. The broader litigation against AMCA itself, as well as several other major healthcare and diagnostic providers—including Quest Diagnostics, Sunrise Medical Laboratories, and CBL Path—remains ongoing. Labcorp chose to settle to resolve the claims against it, but other corporations are still being pursued in court.
Are you wondering if you are included in this multi-million dollar settlement? The settlement class covers a specific group of individuals whose data was compromised during the AMCA security incident.
Specifically, you may be eligible to participate if Labcorp transmitted your personal information to Retrieval-Masters Creditor’s Bureau, doing business as American Medical Collection Agency, and your information was stored on the computer systems that were compromised during the data breach between approximately August 2018 and March 2019. Thousands of affected individuals have already received official settlement notices in the mail or via email containing a unique Class Member ID.
If you are an eligible class member, you must take active steps to claim your share of the settlement funds. You do not automatically receive a check or identity monitoring services simply because your data was stolen.
To file a claim, you can visit the official, court-approved settlement website at AMCADataBreachSettlement83395.com. On the website, you can enter the unique Class Member ID found on your mailed or emailed settlement notice to complete the process digitally. If you did not receive a notice or prefer to file by mail, you can download a PDF version of the claim form from the site, print it out, and mail the completed document to the settlement administrator.
New cases and investigations, settlement deadlines, and news straight to your inbox.
