Major breach hits employee screening firm - 3.3 million affected as hackers steal DISA data

News
By published

Hackers seem to have stolen payment information from millions

A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
(Image credit: Shutterstock / JLStock)
  • Disa confirms hackers were present for over two months
  • They siphoned sensitive data on hundreds of thousands of users
  • The company didn't say how it got compromised

American employee screening company Disa has confirmed suffering a cyberattack in which it lost sensitive customer data.

In a breach notification letter sent to affected individuals, as well as in reports filed with Maine and Massachusetts attorney general offices, the company said it discovered a breach, impacting a “limited portion” of its network, on April 22, 2024.

The subsequent investigation determined that the threat actors, who were unnamed, accessed the company’s infrastructure on February 9, and lingered for almost three months, during which time the crooks managed to grab “some information” on Disa’s customers.

3.3 million affected

“Although our forensics investigation could not definitively conclude the specific data procured, DISA conducted a detailed and time-intensive review of the affected files to identify the personal information contained therein,” the letter reads.

The company added there is currently no evidence suggesting the data was misused in other attacks.

In the filing with the Maine Attorney General, Disa said the total number of affected people is 3,332,750. In the filing with the Massachusetts AG, it said that the data stolen included people’s Social Security numbers, financial account information (credit card numbers included), and government-issued identification documents - more than enough data to run phishing scams, identity theft, and even wire fraud.

We don’t know who the attackers were, or what their end goal is. We also don’t know how they managed to infiltrate Disa, and whether or not they tried to extort the company for the stolen information.

DISA Global Solutions is a prominent American company specializing in employee background screening, drug and alcohol testing, and compliance solutions. According to its website, DISA serves over 55,000 customers across various industries, including transportation, energy, manufacturing, and healthcare. Allegedly, approximately 30% of Fortune 500 companies utilize DISA's services.

Via TechCrunch

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.