
Centers Laboratory Data Breach Hits 540,000 Patients
.webp)
A Centers Laboratory data breach has exposed the personal and medical information of more than 542,000 people. The New Jersey based testing provider confirmed the scale this month. The company discovered the intrusion in August 2025, but the full picture has only now become public.
Centers Lab, also known as Centers Lab NJ LLC, provides diagnostic testing services to healthcare organizations. That role gives it access to large volumes of sensitive patient data. The delayed disclosure leaves affected patients with less time to protect themselves.
According to a notice posted on the company's website, attackers gained access to its IT systems between August 9 and August 14, 2025. The intrusion window lasted less than a week. That was still enough time for hackers to pull sensitive records from the network. Centers Lab has not explained why notification took nearly a year.
What Data Was Exposed in the Breach
The Centers Laboratory data breach compromised a wide range of personal and medical details. Stolen information includes full names, dates of birth, and Social Security numbers. Driver's license numbers, state identification numbers, and passport numbers were also taken. Health insuranc edetails and medical information rounded out the exposed data set.
This combination of identifiers gives criminals nearly everything needed for identity theft or medical insurance fraud. It also fuels convincing phishing attempts. Patients affected by the breach face a real risk of fraudulent claims filed under their names. Credit monitoring and fraud alerts are worth setting up given the scope of exposure here.
The Department of Health and Human Services breach tracker listed the exact figure last week: 542,377 individuals. That number places the Centers Laboratory data breach among the larger healthcare incidents disclosedthis year. It still trails some of the largest disclosures in the sector, but the scale remains significant.
WorldLeaks Claims Responsibility
The extortion group WorldLeaks listed Centers Lab on its dark web leak site in October 2025. That came two months after the intrusion occurred. The group claims to have stolen more than 1.6 million files totaling 720 GB from the lab's systems. Centers Lab has not independently confirmed that volume, so the figure should be treated as an allegation rather than a verified fact.
WorldLeaks is a relatively new name in cybercrime, but its roots go back further. The group emerged in 2025 after the ransomware operation Hunters International shut down its file encrypting malware. It rebranded under the WorldLeaks name soon after. Instead of locking victims out of their systems, the group now focuses purely on stealing data and pressuring victims to pay before the material gets published.
That shift mirrors a broader trend among extortion groups. Encryption draws law enforcement attention, and it can sometimes be reversed with decryption tools. Stolen data works differently.
It provides steady leverage without the overhead of maintaining ransomware infrastructure. WorldLeaks has used this approach against major organizations, including Nike and Dell. The group currently lists more than 170 victims on its leak site, and the Centers Laboratory data breach is among its more recent healthcare claims.
Why Healthcare Labs Keep Getting Targeted
Laboratory and diagnostic testing companies hold some of the most sensitive data available to attackers. A single record can combine financial identifiers with protected health information. That density of valuable data makes testing providers attractive, repeat targets for extortion groups, and it explains why incidents like the Centers Laboratory data breach keep surfacing across the sector.
The breach also points to a recurring problem across the healthcare sector: long gaps between discovery and disclosure. Breach notification laws generally require organizations to notify affected individuals once the scope of an incident is understood. Investigations into large scale intrusions can extend that timeline considerably, but Centers Lab has not detailed what caused this particular delay.
Patients often learn about incidents like this one only after a threat actor publishes stolen files or a regulator updates a public tracker. That pattern leaves less time to respond before information circulates further.
What Affected Individuals Should Do
Anyone notified about the Centers Laboratory data breach should treat the exposure seriously. Social Security numbers and government identification numbers do not expire. So the risk from this incident extends well beyond the typical monitoring window offered after a breach.
Affected individuals should place fraud alerts or credit freezes with the major credit bureaus. Reviewing medical insurance statements for unfamiliar claims is also worthwhile. Stolen health insurance details can be used to file fraudulent treatment claims. Patients should also watch for phishing attempts that reference the breach directly, because criminals often exploit public disclosures to add legitimacy to scam messages.
Centers Lab has offered identity protection services to those named in the Centers Laboratory data breach notice. That step has become standard practice following large healthcare breaches. How well it holds up will depend on how criminals ultimately use the stolen records. Taking early precautions remains the most effective defense available to patients right now.
Subscribe to receive the latest blog posts to your inbox every week.