DISA Global Solutions, a U.S. employee screening services provider, says it is suffering from data breaches affecting more than 3.3 million people.
DISA provided services such as drug and alcohol testing and background checks to one-third of more than 55,000 companies and Fortune 500 companies, confirming a data breach in an application to Maine's Attorney General on Monday .
DISA said it discovered on April 22, 2024 that it was a victim of a “cyber incident” that affected a “limited portion” of the network. They were not noticed for more than two months.
In a letter sent to people affected by the data breaches, including individuals who had undergone an employee screening test, DISA said the attacker had “procured some information” from the system.
In another submission to the Massachusetts Attorney General, DISA confirmed that the stolen information includes personal Social Security Number, financial account information including credit card numbers, and government-issued identification documents. The submission confirmed that more than 360,000 Massachusetts residents were affected by the violation.
However, in a letter of data breach notification, DISA states that “it is not possible to clearly conclude specific data procured,” suggesting that there is no technical means such as logs, and internal data may be accessed or excluded. It does not accurately detect what is done.
According to its website, DISA collects a wide range of personal and confidential information, including details about the applicant's work history, educational background, criminal history and credit history.
It remains to be seen who was behind the cyberattack and how the organization was compromised. It is also unclear why it took Disa so long to notify affected individuals about the violation.
DISA did not respond immediately to TechCrunch's questions.