
Centers Lab NJ has revealed that a cybersecurity incident disclosed last month affected 542,377 individuals, according to a filing with the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR).
The figure, published on the agency's breach portal, provides the first indication of the breach's full scope after the diagnostics company issued a public notice on June 18 without disclosing how many people were impacted.
Centers Lab NJ is a New Jersey-based diagnostics company that provides laboratory testing and other clinical services to healthcare providers. As part of those services, the company processes and stores protected health information (PHI) and personally identifiable information (PII), making it subject to the Health Insurance Portability and Accountability Act (HIPAA) and its federal breach notification requirements.
According to the company's disclosure, suspicious activity in its IT environment was detected on August 25, 2025, prompting Centers to isolate affected systems and launch an investigation with assistance from third-party forensic specialists. Investigators determined that an unauthorized actor had gained limited access to the company's systems between August 9 and August 14, 2025, during which data was copied.
Following the forensic investigation, Centers retained third-party data review specialists to analyze the affected files and determine which records contained sensitive information. The company said it then completed an internal validation process before notifying affected individuals and publishing its breach notice, explaining the several-month gap between discovering the incident and issuing public notifications.
The information exposed differs from person to person but may include names together with one or more of the following data elements:
- Date of birth
- Social Security number
- Driver's license or state identification number
- Passport number
- Health insurance information
- Medical information
Centers said not every affected individual had every category of information exposed. However, the combination of personal identifiers with health and insurance information can increase the risk of identity theft, medical identity fraud, and phishing attacks that leverage stolen personal details.
Centers has not disclosed how the attackers initially gained access to its network, whether ransomware or data extortion played a role in the intrusion, or whether any of the stolen information has been misused. No cybercrime group has publicly claimed responsibility for the incident.
In response to the breach, the company said it has implemented additional safeguards to strengthen the security of its systems beyond the protections already in place. Centers is also encouraging affected individuals to review financial account statements, explanation of benefits documents, and credit reports for suspicious activity, and to consider placing a fraud alert or credit freeze if they believe their personal information may be at risk.






Leave a Reply