Support Centre

USA: 41 State AGs announce $21M settlement against AMCA following data breach

The Pennsylvania Attorney General ('AG'), Josh Shapiro, announced, on 11 March 2021, alongside 41 other state AGs, a $21 million settlement with Retrieval-Masters Creditors Bureau, conducting businesses as the American Medical Collection Agency ('AMCA'), resolving a multi-state investigation into the 2019 data breach that exposed the personal information of over 7 million individuals. In particular, under the terms of the settlement, AMCA and its principals have agreed to implement and maintain a series of data security practices designed to strengthen its information security program and safeguard the personal information of consumers, these include:

  • creating and implementing an information security program with detailed requirements, including an incident response plan;
  • employing a duly qualified Chief Information Security Officer;
  • hiring a Third-Party Assessor to perform an information security assessment; and
  • cooperating with the AGs with investigations related to the data breach and maintaining evidence.

As part of the settlement, AMCA may be liable for a $21 million total payment to the states. However, due to AMCA's financial condition, that payment is suspended unless the company violates certain terms of the settlement agreement.

You can read the press release here and the settlement here.