A major data breach at DISA Global Solutions, a leading U.S. employee screening services provider, has exposed sensitive personal information of over 3.3 million individuals, according to recent regulatory filings.
The company, which serves more than 55,000 enterprises including one-third of Fortune 500 companies, detected unauthorized network access on April 22, 2024. Internal investigations revealed that hackers had infiltrated DISA's systems on February 9, 2024, maintaining undetected access for more than two months.
In notifications filed with state attorneys general, DISA confirmed that compromised data included Social Security numbers, financial account details, credit card information, and government-issued identification documents. The breach impacted individuals who had undergone employee screening tests through DISA's services.
The company's Massachusetts filing indicated that more than 360,000 residents in that state alone were affected. DISA acknowledged uncertainty about the full scope of data accessed, suggesting possible limitations in their technical monitoring capabilities.
As a major provider of background checks, drug testing, and alcohol screening services, DISA routinely handles sensitive personal information including work history, educational records, criminal records, and credit histories.
The identity of the attackers and their method of system compromise remain unknown. Questions also persist about the extended delay between the breach discovery and public notification.
DISA has begun notifying affected individuals and is expected to provide additional details as their investigation continues.