A data breach has occurred at DISA Global Solutions, a prominent US-based employee screening company, resulting in the exposure of personal details of over 3.3 million individuals.
The company, which offers background checks and drug testing services to major corporations, confirmed the breach in a filing with the Maine Attorney General’s office, revealing that it provides services to over 55,000 enterprises, including a third of Fortune 500 companies, and handles vast amounts of sensitive data.
According to the filing, the cyberattack took place on 9 February 2024 but went undetected for over two months. DISA identified the breach on 22 April 2024, after conducting an internal investigation, which disclosed that an unauthorized party had infiltrated a limited portion of its network.
A breach notification letter sent to affected individuals stated that the attacker had “procured some information,” but DISA admitted it could not determine the full extent of the data accessed, as reported by online technology news site TechCrunch.
Personal data exposed
The breach compromised highly sensitive personal data, including:
- Social Security numbers
- Credit card and financial account details
- Government-issued identification documents
DISA’s website states that it collects a wide range of personal and sensitive information, such as employment history, educational background, criminal records, and credit history.
Impact
A separate filing with the Massachusetts Attorney General’s office confirmed that over 360,000 Massachusetts residents were impacted, while 15,198 Maine residents had their data compromised. The company has not provided further details on the attack vector or potential vulnerabilities that were exploited.
Source Link
