Attorney General Moody Takes Action Against National Debt Collection Agency for Massive Data Breach

TALLAHASSEE, Fla — Attorney General Ashley Moody today took action against Retrieval-Masters Creditors Bureau d / b / a American Medical Collection Agency by resolving a multi-state investigation into a 2019 data breach that uncovered the information personal data of over 7 million people, including 1.25 million Florida residents. The data breach potentially exposed the personal information of up to 21 million people in the United States. Attorney General Moody is joined in the multi-state action by 40 other state attorneys general.

Attorney General Ashley Moody said: “This data breach exposed the personal information of more than one million Floridians, putting their identities, finances and online security at risk. I am proud to work with my counterparts in other states to strengthen the security measures of this agency to ensure that any future personal information collected remains private.

Retrieval-Masters Creditors Bureau is a debt collection agency. Under the name of American Medical Collection Agency, the company specializes in the collection of low-value medical debts, primarily for laboratories and medical testing facilities. An unauthorized user gained access to AMCA’s internal system from August 1, 2018 to March 30, 2019. AMCA failed to detect the intrusion, despite warnings from the banks that processed its payments. The unauthorized user has collected a wide variety of personal information including social security numbers, payment card information, and in some cases, names of medical tests and diagnostic codes.

On June 3, 2019, the AMCA notified numerous states and began notifying over 7 million affected people, including a two-year offer of free credit monitoring. On June 17, 2019, AMCA filed for bankruptcy due to the costs associated with notifying and remedying the violation.

As part of the deal, AMCA may be responsible for a total payment of $ 21 million to states. Due to AMCA’s financial condition, this payment is suspended unless the company violates certain terms of the settlement agreement.

Under the agreement, AMCA and its officers agreed to implement and maintain a series of data security practices designed to strengthen the company’s information security program and protect consumers’ personal information. These include:


Comments are closed.