LabCorp BreachDate: January 2020

LabCorp is an American S&P 500 company. It’s headquartered in Burlington, North Carolina, and is one of the largest clinical laboratory networks in the world.

What Was the Breach?

The breach was a “security lapse,” as described by TechCrunch, which found and investigated the breach. The news outlet found that the details available through the server included birthdays, names, and, in select cases, social security numbers.

How Did the Breach Occur?

“This latest security lapse was caused by a vulnerability on a part of LabCorp’s website, understood to host the company’s internal customer relationship management system,” said TechCrunch. “Although the system appeared to be protected with a password, the part of the website designed to pull patient files from the back-end system was left exposed. That unprotected web address was visible to search engines and was later cached by Google, making it accessible to anyone who knew where to look.”

When Did This Breach Occur?

This breach occurred in January 2020.

Who Does the Breach Impact?

The breach impacts a portion of LabCorp customers. According to TechCrunch’s investigation, the breach seems to primarily affect cancer patients.

How Many Files Does the Breach Affect?

Investigation into the breach showed that at least 10,000 files were affected. A LabCorp spokesperson, Donald Von Hogan, said, “I can confirm that we have terminated access to the system.” The web address is still in Google’s search results, but the link is dead, meaning no unauthorized parties should be able to access it.


Recent Breaches

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address