DISA Global Solutions, a prominent U.S.-based provider of employee screening services, has confirmed a significant data breach affecting more than 3.3 million people. The breach, disclosed in a filing with Maine's attorney general on Monday, revealed that a hacker accessed a "limited portion" of DISA's network on April 22, 2024. However, an internal investigation uncovered that the intrusion began on February 9, 2024, allowing the hacker to remain undetected for over two months.
The compromised information included Social Security numbers, financial account details, and government-issued identification documents. DISA collects a wide variety of personal and sensitive information, such as work history, educational background, criminal records, and credit history, for its employee screening services. The company serves more than 55,000 enterprises and a third of the Fortune 500 companies, providing services like drug and alcohol testing and background checks.
More than 360,000 Massachusetts residents were among those affected by the breach. The incident highlights the potential risks associated with the vast amount of personal data collected by companies like DISA. In a letter sent to affected individuals, DISA stated that it "could not definitively conclude the specific data procured," suggesting limitations in their technical capabilities to detect exactly which internal data was accessed or exfiltrated.
Though DISA referred to the breach as a "cyber incident" impacting only a "limited portion" of its network, the extent of the breach raises significant concerns about data security. The company did not immediately respond to inquiries from TechCrunch regarding the incident.
Leave a Reply