U.S. screening company DISA leaks data of 3.3M people

DISA Global Solutions Inc. acknowledges it has suffered a data breach that affects more than 3.3 million people.

DISA is a company that offers employee background checks and screening services, like drug and alcohol testing, physical exams, audiometric testing, and driver qualification files. It claims to have over 55,000 corporate customers, with a third of Fortune 500 companies.

In a data breach notification addressed to the Office of the Maine Attorney General, the screening company says it found out that it was the victim of a ‘cyber incident’ that impacted a small portion of its corporate network.

“Upon discovery, we immediately contained the incident and initiated an investigation with the assistance of third-party forensic experts,” DISA states.

Research showed that an unauthorized party accessed the company’s digital environment between February 9, 2024, and April 22, 2024, and was able to lay their hands on ‘some information’.

On the company’s website, DISA says that the affected files contained personal information, including full names, social security numbers, driver’s license numbers, other government ID numbers, financial account information, and ‘other data elements’.

When the data breach came to light, DISA restored its systems and implemented additional security measures. Relevant law enforcement authorities were notified. Lastly, it established a dedicated call center for affected people who have questions regarding the incident.

The total number of persons that were affected by the incident is 3,332,750.

At present, the screening company is unaware of any attempted or actual misuse of any information involved in this data incident. DISA encourages affected people to remain vigilant against potential identity theft, financial fraud, and any other suspicious activity.

It remains uncertain who’s responsible for the data theft, or how the company was compromised. It’s also unclear why it took DISA so long to notify victims about the incident.