The personal details of over 3.3 million people was exposed when a leading US employee screening company suffered a major data breach. DISA Global Solutions, which provides background checks and drug testing services to some of US’ largest corporations, confirmed the breach in a recent filing with the Maine Attorney General’s office.
According to the filing, the cyberattack occurred on February 9, 2024, but remained undetected for over two months. DISA discovered the breach on April 22, 2024, after an internal investigation revealed that an unauthorized party had infiltrated a “limited portion” of the company’s network.
The breach notification letter sent to affected individuals acknowledged that the attacker had “procured some information,” but DISA admitted it could not definitively determine the extent of the data accessed, reports Tech Crunch.
The breach exposed highly sensitive personal data, including:
– Social Security numbers
– Credit card and financial account details
– Government-issued identification documents
As a provider of screening services to over 55,000 enterprises, including a third of Fortune 500 companies, DISA handles vast amounts of sensitive personal data.
DISA on its website says that it collects a wide range of personal and sensitive information, including details about an applicant’s work history, educational background, criminal records, and credit history.
The filing with the Massachusetts Attorney General’s office confirmed that over 360,000 Massachusetts residents were affected. The company also reported that 15,198 Maine residents’ data had been compromised.
It remains unclear who was behind the cyberattack or how the company’s systems were compromised. DISA has yet to provide further details on the attack vector or potential vulnerabilities that were exploited.
