DISA Global Solutions, a Houston-based provider of employment screening services, has suffered a data breach impacting over 3.3 million individuals in the U.S.
The breach, caused by an external hacking incident, compromised sensitive personal information, though the firm says no evidence of misuse has been found so far.
The breach occurred between February 9, 2024, and April 22, 2024, when an unauthorized third party gained access to DISA’s network. The company discovered the intrusion on April 22, 2024, and launched an internal investigation with forensic experts to determine the extent of the compromise. While DISA has not disclosed the full scope of the exposed data, it confirmed that affected files contained names and other personal identifiers in combination with additional sensitive data.
DISA Global Solutions specializes in employment background checks, drug and alcohol testing, and compliance services. The company provides screening solutions for various industries, including transportation, energy, and government contracting, handling large volumes of personal data as part of its services. Given its role in verifying employment eligibility and compliance, a breach of this nature raises significant security concerns.
Following the discovery of the breach, DISA took immediate action by securing its network, containing the attack, and engaging third-party forensic experts to assess the scope of the breach. DISA also notified law enforcement and state authorities of the incident and restored impacted systems only after implementing additional security measures.
To assist affected individuals, DISA is offering 12 months of free credit monitoring and identity theft protection through Experian. The company has begun notifying impacted customers through written communication, with instructions on how to enroll in the provided protection services.
Those affected by the breach are urged to take the following steps to safeguard their information:
- Enroll in the provided credit monitoring service before the deadline of June 30, 2025.
- Monitor bank accounts and credit reports for any suspicious activity.
- Place a fraud alert or credit freeze with major credit bureaus if concerned about identity theft.
- Report any fraudulent activity to the Federal Trade Commission (FTC) or local authorities.
While the firm has taken steps to mitigate damage, affected individuals should remain vigilant against potential fraud and identity theft. The risks arising from this incident for affected individuals are significant, especially considering the extensive exposure period.
At the time of writing, no ransomware gangs or other hacking groups have taken responsibility for the attack at DISA, so the perpetrators are unknown.