US employee screening provider DISA suffers data breach impacting over 3.3 million people

Reuters

DISA Global Solutions, a major U.S.-based provider of employee screening services, has confirmed a data breach that compromised the personal information of more than 3.3 million individuals, according to filings with state attorneys general.

DISA, which conducts background checks, drug and alcohol testing, and other employment verifications for more than 55,000 enterprises - including a third of the Fortune 500 - discovered the cyber incident on April 22, 2024. An internal investigation later revealed that a hacker had infiltrated the company’s network on February 9, 2024, remaining undetected for over two months before the breach was identified.

In a letter sent to affected individuals, DISA acknowledged that the attacker “procured some information” from its systems. However, the company noted it “could not definitively conclude the specific data procured,” indicating that available logs and other forensic data did not provide a full account of the information exfiltrated.

Separate filings with the Massachusetts attorney general confirmed that the stolen data included highly sensitive details such as Social Security numbers, financial account information (including credit card numbers), and government-issued identification documents. More than 360,000 Massachusetts residents were reportedly affected by the breach.

DISA’s services involve the collection of a wide range of personal and sensitive data, including applicants’ work history, educational background, criminal records, and credit history, making the potential fallout of the breach particularly concerning. It is not yet clear who was behind the cyberattack or how the breach occurred, and the delay in notifying affected individuals has also raised questions.

The incident underscores the ongoing cybersecurity challenges faced by companies handling large volumes of personal data, as well as the risks posed by increasingly sophisticated cyberattacks. DISA has not yet provided further details on remedial measures or plans to prevent similar breaches in the future.
