• Vulnerable U
  • Posts
  • DISA Says Data Breach Affects 3.3 Million People

DISA Says Data Breach Affects 3.3 Million People

DISA Global Solutions, a provider of background checks and drug and alcohol testing services to thousands of companies, said that unknown attackers breached the company’s network in February 2024 and stole personal information belonging to more than three million people. 

Why It Matters: DISA works with tens of thousands of companies and collects a wide range of information from individuals during the course of its work. In a filing with the Massachusetts Attorney General, the company said that among the data compromised in the breach were Social Security numbers, debit and credit card numbers, driver’s license information, and financial account information. That’s the identity theft starter kit. DISA also said that the attackers were in the company’s network for more than two months before they were discovered, and that an investigation by a third-party firm did not discover the complete extent of the intrusion. 

Key Details

  •  The attackers gained access to DISA’s network on Feb. 9, 2024, and the company detected the breach on April 22, 2024

  • “On April 22, 2024, we discovered that we were the victim of a cyber incident that impacted a limited portion of our network. Upon discovery, we immediately contained the incident and initiated an investigation with the assistance of third-party forensic experts. Our investigation determined that an unauthorized third party accessed our environment between February 9, 2024, and April 22, 2024, and procured some information. Although our forensics investigation could not definitively conclude the specific data procured, DISA conducted a detailed and time-intensive review of the affected files to identify the personal information contained therein,” the company said in a notification letter. 

  • DISA said in a filing with the Maine Attorney General that more than 3.3 million U.S. residents were affected by the breach

DISA did not provide any details about how the attackers got into the company’s network or what specific systems were accessed.