In the wake of a massive data breach, New Jersey-based laboratory testing company Quest Diagnostics is facing investigations from the attorneys general of Connecticut and Illinois, as well as a putative class action in New Jersey.

The company, headquartered in Secaucus, had said the breach might have exposed the personal information of nearly 12 million Quest patients and 7.7 million Laboratory Corp. of America patients. The breach was reportedly the result of malicious activity on the web payment page of American Medical Collection Agency, a third-party collection vendor for the two medical testing companies.