A data breach at DISA Global Solutions, a firm providing background checks and drug and alcohol testing services, exposed the personal information of 3.3 million individuals. Learn what data was affected and what steps are being taken.
DISA Global Solutions, a company specializing in workplace compliance and employee screening solutions, has announced a significant data breach impacting over 3.3 million individuals, including over 15,000 Maine residents.
DISA is headquartered in Houston, Texas, and the breach notification was submitted by their legal counsel, Holland & Knight LLP. The breach was discovered on April 22, 2024, and reportedly involved unauthorized access to a portion of their network between February 9th and April 22nd, 2024. During this period, an unknown third party gained access to and acquired some data.
While the investigation could not definitively determine the exact nature of the compromised information, it is known that the affected files contained personal data collected by DISA for employment screening purposes, including drug and alcohol testing and background checks.
This information may include names, Social Security numbers, driver’s license numbers, other government identification numbers, financial account details, and other personal data elements. However, it is worth noting that not all data points were present for every individual affected.
DISA has stated that they are not currently aware of any misuse of the stolen data. The company is notifying all affected individuals and offering them access to credit monitoring and identity restoration services through Experian for a period of 12 months.
“We take this incident seriously and sincerely regret any inconvenience this incident may cause affected individuals,” DISA’s official statement read.
In response, DISA has taken steps to secure its network, alerted law enforcement, restored its systems and operations, and implemented additional security measures to prevent future incidents. They have also established a dedicated call centre to address questions and concerns related to the breach.
The incident is categorized as an external system breach or hacking incident. Notification letters were sent to affected individuals beginning February 21, 2024.
Expert Comments:
Jim Routh, Chief Trust Officer at cybersecurity company Saviynt, commented:
“Two dimensions of this cyber incident are notable. The first is that SSNs were exfiltrated for individuals and these are easily monetized by threat actors. Storing SSNs for any purpose should require a higher level of security and using SSNs to identify digital consumers is an obsolete data management practice.
“The second dimension is that the root cause of the breach is not provided, so it is not clear what steps DISA took to reduce the probability of this happening again. Cyber incidents occur in all enterprises, so missing an opportunity to make adjustments to controls and processes based on the learnings applied from previous breaches is an indication of cyber resilience and a positive indicator. In this case, there is no indication of cyber resilience.”
While the DISA Global Solutions breach is significant, unfortunately, this isn’t an isolated incident. Data breaches are becoming increasingly common and are a serious threat, but there are steps individuals and organizations can take to minimize the risk. Proactive cybersecurity is crucial for individuals and organizations, and it is not enough to react after a breach has occurred. Using multiple layers of security and continuously improving your security measures can help protect against attacks.