A significant data breach at DISA Global Solutions, a prominent US firm specializing in background screening and drug testing, has compromised the personal information of 3.3 million individuals.

Incident Overview

The breach, which occurred between February 9, 2024, and April 22, 2024, was initially disclosed by DISA in January. Recent investigations have confirmed that sensitive data belonging to 3,332,750 individuals was exposed during the cyberattack.

Scope and Impact

DISA serves over 55,000 clients, including 30% of Fortune 500 companies, highlighting the potential widespread impact of this breach. The compromised data could have significant implications across various industries nationwide.

Exposed Information

While the company did not specify the exact data types accessed, a notice on its website lists:

  • Full name
  • Social Security number
  • Driver's license number
  • Government ID number
  • Financial account information
  • Other unspecified data elements

Given DISA's services, the exposed data likely includes personal identifiers, contact details, employment history, and health-related information.

Response and Recommendations

Although DISA has not detailed the nature of the cyberattack, a removed notice suggested a ransom was paid to prevent public release of the data. The company claims no data has surfaced on the dark web.

To mitigate risks, DISA is offering 12 months of free credit monitoring and identity theft protection via Experian. Affected individuals are advised to consider additional precautions, such as fraud alerts and security freezes on their accounts.

For more insights on protecting against data breaches, explore our Research section.

The link has been copied!