What Happened in the Centers Laboratory Data Breach?
Centers Laboratory, a healthcare diagnostics company based in Cedar Knolls, New Jersey, has confirmed a data breach affecting sensitive personal and health information. The company discovered the breach on Aug. 25, 2025. This discovery came after an unauthorized actor had already accessed the company’s systems.
According to the company, the unauthorized actor gained limited access to its network and copied data between Aug. 9, 2025, and Aug. 14, 2025. As a result, the intrusion window lasted several days before it was detected. On Oct. 6, 2025, a threat actor known as Worldleaks posted a claim on the Tor dark web network stating it had leaked corporate data from Centers Laboratory.
Following discovery, Centers Laboratory conducted a detailed review of the compromised data. This process aimed to identify exactly what types of information were involved and which individuals were affected. The company then disclosed the breach to the Vermont Attorney General on June 18, 2026, and posted a notice of the data privacy event on its website.
The dark web posting claimed the exposed dataset included patient test records, laboratory reports, employee and staff information, diagnostic data, and internal operational files. Because Centers Laboratory operates as a diagnostics provider, this type of data is especially sensitive. The Centers Laboratory data breach therefore raises serious concerns for both patients and staff.
Who was affected?
The breach may affect multiple groups connected to Centers Laboratory. This includes patients whose test records and diagnostic data were stored in company systems. It also includes employees and staff members whose personnel information was reportedly part of the exposed dataset.
Centers Laboratory has not publicly disclosed the total number of individuals affected nationwide. However, the company did notify the Vermont Attorney General, which suggests at least some Vermont residents were impacted. Because Centers Laboratory operates as a diagnostics company, its patient base likely spans multiple states beyond Vermont.
It remains unclear whether minors are among those affected, since diagnostic labs often process samples for patients of all ages. In addition, the mix of patient and employee data means the breach could touch people who never directly interacted with the company as customers. This broadens the population of people who should pay attention to this incident.
What Information Was Potentially Exposed?
The confirmed exposure involves a wide range of personal and health-related information. This combination of data types makes the breach particularly concerning for identity theft and medical fraud risks. Below is a list of the specific categories confirmed to have been exposed.
- Full names
- Dates of birth
- Social Security numbers
- Driver’s license or state identification numbers
- Passport numbers
- Health insurance information
- Medical information
Because Social Security numbers and government ID numbers were exposed together, affected individuals face a heightened risk of identity theft. Criminals can use this combination to open new credit accounts, file fraudulent tax returns, or apply for loans in someone else’s name. In addition, passport numbers could be used to attempt fraudulent international identity claims.
The exposure of health insurance and medical information also creates risk of medical identity theft. This occurs when someone uses stolen health data to obtain medical services or prescriptions under another person’s name. As a result, victims may find inaccurate information in their medical records, which can complicate future care and insurance claims.
What is the company doing?
Centers Laboratory responded by conducting a thorough review of the compromised data. This review helped the company identify which individuals and data types were involved in the incident. Following this internal process, the company filed formal notice with the Vermont Attorney General.
In addition, Centers Laboratory posted a notice of the data privacy event on its website to inform the public. The company also set up a dedicated phone line, 1-833-502-4681, for individuals with questions about the breach. Affected individuals can also reach the company by mail at Centers Lab NJ LLC, Attn, 85 Horse Hill Road, Cedar Knolls, NJ 07927.
Centers Laboratory has encouraged affected individuals to remain vigilant against potential misuse of their information. Specifically, the company recommends monitoring account statements, explanation of benefits statements, and free credit reports for suspicious activity. This guidance reflects the ongoing risk that stolen data could be used well after the initial breach.
What Should Affected Individuals Do?
Monitor Your Credit Reports Closely
Affected individuals should request free copies of their credit reports and review them carefully. Look for unfamiliar accounts, unexpected credit inquiries, or any activity you do not recognize. Because Social Security numbers were exposed, this step is especially important right now.
You can obtain free credit reports from each of the three major credit bureaus. Reviewing these reports regularly, rather than just once, helps catch fraud that may appear months after the breach. If you notice anything suspicious, report it immediately to the credit bureau and consider contacting a data breach attorney for guidance.
Consider a Fraud Alert or Credit Freeze
Given that Social Security numbers, driver’s license numbers, and passport numbers were exposed, placing a fraud alert or credit freeze is a wise precaution. A fraud alert requires creditors to verify your identity before opening new accounts in your name. A credit freeze goes further by restricting access to your credit file entirely.
You can request a fraud alert or freeze directly through any of the three major credit bureaus. This process is free and can be reversed later if needed. Because your government ID numbers were also exposed, this step adds an important layer of protection against new-account fraud.
Protect Against Medical Identity Theft
Because health insurance information and medical information were exposed, affected individuals should closely review explanation of benefits statements from their insurer. Look for any medical services or claims you do not recognize. This can be an early sign that someone is using your identity to obtain care.
If you spot suspicious claims, contact your health insurance provider right away to dispute them. You should also request copies of your medical records periodically to check for inaccuracies caused by fraudulent use. Correcting these errors early can prevent complications with future medical treatment or insurance coverage.
Stay Alert for Phishing Attempts
Following a breach like this, scammers often use stolen information to craft convincing phishing emails, texts, or calls. Be cautious of any message claiming to be from Centers Laboratory or related organizations that asks for personal information. Legitimate companies will not ask you to confirm sensitive details through unsolicited messages.
Instead, verify any suspicious communication by contacting the company directly using official contact information. Avoid clicking links or downloading attachments from unexpected messages. Because your name, date of birth, and other details were exposed, scammers may reference this real information to appear legitimate.
Understand Your Legal Options
Affected individuals may have legal options available, including participation in potential class action litigation related to this breach. Consulting a data breach attorney can help you understand whether you qualify for compensation. Many attorneys offer free consultations to evaluate your specific situation.
Because the breach exposed highly sensitive data types, including SSNs and medical information, damages could potentially cover credit monitoring costs, time spent addressing fraud, or other losses. Acting sooner rather than later is important, since legal claims often have filing deadlines. A free case evaluation can clarify your options without any upfront cost.
More Information
notice of the data privacy event
