DISA Global Solutions, a U.S.-based supplier of worker screening companies, has mentioned it suffered a knowledge breach that impacts greater than 3.3 million folks.
DISA, which offers companies like drug and alcohol testing and background checks to greater than 55,000 enterprises and a 3rd of Fortune 500 corporations, confirmed the information breach in a submitting with Maine’s lawyer normal on Monday.
DISA mentioned it found it had been the sufferer of a “cyber incident” that impacted a “restricted portion” of its community on April 22, 2024. An inside investigation decided {that a} hacker had infiltrated the corporate’s community on February 9, 2024, the place they went unnoticed for over two months.
In a letter despatched to these affected by the information breach, which incorporates people who underwent worker screening exams, DISA mentioned the attacker “procured some data” from its methods.
In a separate submitting with the Massachusetts lawyer normal, DISA confirmed the stolen data included people’ Social Security numbers, monetary account data together with bank card numbers, and government-issued identification paperwork. This submitting confirmed that greater than 360,000 Massachusetts residents had been affected by the breach.
However, in its information breach notification letter, DISA mentioned it “couldn’t definitively conclude the precise information procured,” suggesting the corporate doesn’t have the technical means, resembling logs, to detect what inside information was accessed or exfiltrated.
According to its web site, DISA collects a variety of private and delicate data, together with particulars about an applicant’s work historical past, instructional background, prison data, and credit score historical past.
It’s not but recognized who was behind the cyberattack or how the group was compromised. It’s additionally unclear why it has taken DISA so lengthy to inform affected people in regards to the breach.
DISA didn’t instantly reply to TechCrunch’s questions.
