Major breach hits employee screening firm - 3.3 million affected as hackers steal DISA data

  • Disa confirms hackers were present for over two months
  • They siphoned sensitive data on hundreds of thousands of users
  • The company didn't say how it got compromised

American employee screening company Disa has confirmed suffering a cyberattack in which it lost sensitive customer data.

In a breach notification letter sent to affected individuals, as well as in reports filed with Maine and Massachusetts attorney general offices, the company said it discovered a breach, impacting a “limited portion” of its network, on April 22, 2024.

The subsequent investigation determined that the threat actors, who were unnamed, accessed the company’s infrastructure on February 9, and lingered for almost three months, during which time the crooks managed to grab “some information” on Disa’s customers.

3.3 million affected

“Although our forensics investigation could not definitively conclude the specific data procured, DISA conducted a detailed and time-intensive review of the affected files to identify the personal information contained therein,” the letter reads.

The company added there is currently no evidence suggesting the data was misused in other attacks.

In the filing with the Maine Attorney General, Disa said the total number of affected people is 3,332,750. In the filing with the Massachusetts AG, it said that the data stolen included people’s Social Security numbers, financial account information (credit card numbers included), and government-issued identification documents - more than enough data to run phishing scams, identity theft, and even wire fraud.

We don’t know who the attackers were, or what their end goal is. We also don’t know how they managed to infiltrate Disa, and whether or not they tried to extort the company for the stolen information.

DISA Global Solutions is a prominent American company specializing in employee background screening, drug and alcohol testing, and compliance solutions. According to its website, DISA serves over 55,000 customers across various industries, including transportation, energy, manufacturing, and healthcare. Allegedly, approximately 30% of Fortune 500 companies utilize DISA's services.

Via TechCrunch

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
