A massive data breach at DISA Global Solutions, one of America's largest employee screening companies, has exposed sensitive personal information of over 3.3 million individuals, according to a recent filing with Maine's attorney general.
The Houston-based company, which conducts drug tests and background checks for numerous Fortune 500 companies, discovered unauthorized access to their network that went undetected for two months. The breach began on February 9, 2024, but was only identified on April 22, 2024.
The compromised data includes highly sensitive personal information such as:
- Social Security numbers
- Credit card and financial account details
- Driver's license numbers
- Government identification documents
DISA acknowledged in their filing that they were unable to "definitively conclude" exactly what information was accessed by the attackers during the incident. The company serves over 55,000 customers across various industries including transportation, energy, construction, and manufacturing.
According to cybersecurity experts, screening companies are particularly attractive targets for cybercriminals due to the vast amounts of personal data they collect and store. Unlike financial institutions that operate under strict security regulations, background check companies often have less robust security measures in place.
The extended period before breach detection raises concerns about the company's security monitoring capabilities. DISA is now offering identity theft protection services to affected individuals.
The incident highlights growing cybersecurity challenges facing companies that handle sensitive personal information. Experts recommend that affected individuals closely monitor their financial accounts and remain alert for potential identity theft or fraudulent activities.
Law enforcement and cybersecurity authorities continue investigating the breach while DISA reviews its internal security systems.