HQ/EMEAFind out how we can help your business
One of the United States’s most prominent background screening and drug and alcohol testing companies, DISA Global Solutions, revealed that it suffered a data breach that allegedly affected 3.3 million people.
The corporation first acknowledged this cybersecurity problem last month, claiming it occurred between February and April 2024, when the breach was discovered.
In an update earlier this month, the firm stated that threat actors may have accessed sensitive data stored in its systems. However, there was no evidence of further distribution or misuse.
DISA disclosed the approximate number of affected individuals.
Earlier this week, DISA announced that following an additional examination, it was discovered that the cybercriminal incident exposed data from 3,332,750 million persons.
Moreover, the company explained that it disclosed the issue to inform its users that it suffered, which may have involved some personal information that came into its possession because of employee screening services that users may have completed with a current, former, or prospective employer.
The company did not specify what categories of information were disclosed to the unauthorised party. Still, it revealed in a note on its website the list of potentially affected data, such as full names, social security numbers, driver’s licence numbers, government identification numbers, financial account information, and other data elements.
The ‘other data elements’ are unclear. Still, due to the nature of the services it provides, DISA typically handles PII, contact information, employment and education history, criminal and background checks, drug and alcohol testing details, medical and health-related data, and more.
While DISA has not disclosed the nature of the cyberattack, a now-deleted message indicates that they paid a ransom to keep the stolen material from being made public.
Furthermore, the affected data has not been discovered on the dark web. A copy of the now-deleted notice also indicates that the company acted to deter the threat actor from publicly exposing any acquired material and to give confirmation of the deletion of the information.
DISA provides a 1-year free credit monitoring and identity theft protection to protect impacted individuals from the risks associated with the data leak.
