In a mind-bending breach, an attacker made off with millions of pieces of data cached in databases belonging to Quest Diagnostics medical labs.

On May 14th, the American Medical Collection Agency (AMCA), notified Quest of the fact that an unauthorized person accessed the electronic infrastructure, obtaining personal information, “like credit card and bank account numbers, medical records, and even social security numbers

The trove of information belonged to a whopping 11.9 million people, who may have visited any of Quest’s roughly 2,200 sites across the US.

The information could be wheeled and dealed across the dark web, putting millions of people in harm’s way. The dark web buyers may fraudulently use the data to open unauthorized credit cards, or to duplicitously engage in other forms of identity theft.

“People should definitely be concerned any time their Social Security information is exposed,” stated a journalist. “Freeze your credit report, so that people can’t open up a new credit card in your name or anything like that.”

Quest is in the process of alerting patients, but news outlets also encourage patients –anyone who has ever used Quest- to reach out to the company to determine whether or not they were affected.

As expected, law enforcement and a forensics team are investigating the incident, but the damage is already done.

For more information on the story, please visit CNN Business.