American Medical Collection Agency Settles Data Breach With 40 States For $21M
On March 11, 2021, American Medical Collection Agency (AMCA) settled with 40 states and the District of Columbia regarding its 2018/2019 data breach. AMCA specializes in collecting the small-dollar medical debt. Between August 1, 2018, and March 30, 2019, a hacker compromised AMCA’s web payment page, exposing the personal information of at least 21 million individuals across the country.
AMCA first learned of the issue when it started receiving a disproportionate number of notices suggesting credit cards that had interacted with AMCA’s web portal were later associated with fraudulent activity. Outside consultants ultimately confirmed the breach, and in June 2019, AMCA reported the breach to 40 states and the District of Columbia.
As a direct result of the data breach, AMCA suffered a severe drop in business and filed for Chapter 11 Bankruptcy protection. AMCA received permission from the bankruptcy court to settle with the multi-state coalition and, on December 9, 2020, filed for dismissal of the bankruptcy action.
