Another clinical lab ensnared in the AMCA data breach has come forward.

Clinical Pathology Laboratories (CPL) says 2.2 million patients may have had their names, addresses, phone numbers, dates of birth, dates of service, balance information and treatment provider information stolen in the previously reported breach.

Another 34,500 patients had their credit card or banking information compromised.

The breach was limited to U.S. residents, the company said.

CPL blamed AMCA, which it and other labs used to process payments for their patients, for not providing more details on the breach when it was disclosed in June.

“At the time of AMCA’s initial notification, AMCA did not provide CPL with enough information for CPL to identify potentially affected patients or confirm the nature of patient information potentially involved in the incident, and CPL’s investigation is on-going,” said the company in a statement.

LabCorp was first hit with 7.7 million patients affected, then 11.9 million Quest Diagnostics patients were next. BioReference Laboratories pushed the breach over the 20 million mark.

Then, AMCA filed for bankruptcy protection amid several class action suits.

Several lawmakers have since contacted both Quest and LabCorp, two of the biggest laboratories in the U.S. to demand answers about the breach and why it went undetected for close to a year.

Read more: