Attorney General Ken Paxton announced that Texas joined a coalition of 41 attorneys general in an Agreed Judgment against Retrieval-Masters Creditors Bureau d/b/a American Medical Collection Agency (AMCA), resolving an investigation of AMCA’s 2019 data breach that exposed the personal information of over seven million individuals, including approximately 1.4 million Texans.

AMCA collected small balance medical debts primarily on behalf of laboratories and medical testing facilities. From August 1, 2018 through March 30, 2019, an unauthorized user gained access to AMCA’s internal systems and accessed consumers’ personal information, including Social Security numbers, payment card information, and names of medical tests and associated diagnostic codes. AMCA provided notice of this breach to over seven million affected individuals and offered two years of free credit monitoring. In June 2019, AMCA also filed for bankruptcy in the Southern District of New York. 

“Companies that fail to implement reasonable and effective data security systems put Texans at risk of identity theft. As long as companies fail to secure consumers’ data, we will continue pursuing these types of lawsuits in the interest of protecting Texans,” said Attorney General Paxton. “This settlement, like many before it, serves as a reminder that businesses must keep in compliance with state laws and maintain reasonable safeguards to protect Texans’ information.”

Under the terms of the judgment, AMCA and its principals agreed to implement and maintain a series of data security practices designed to strengthen its information security program and safeguard the personal information of consumers. AMCA also may be liable for a $21 million total civil penalty payment to the states; however, because of AMCA’s financial condition, that payment is suspended unless the company violates certain terms of the judgment.

Read a copy of the Agreed Judgment here.