Over 3.3 million individuals impacted in background verification service breach

Employee verification company DISA Global Solutions said that the data security incident it suffered last year compromised the sensitive personal information of more than 3.3 million individuals.

 

Headquartered in Houston, Texas, DISA is one of the largest employee screening companies in the U.S. whose clients include a third of Fortune 500 listed companies and more than 55,000 companies in total.

 

In a data security incident notice filed with the Office of Maine Attorney General, DISA said that on April 22, it was a victim of a significant cyber attack that affected a limited portion of its network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“Our investigation determined that an unauthorised third party accessed our environment between February 9, 2024, and April 22, 2024, and procured some information. Although our forensics investigation could not definitively conclude the specific data procured, DISA conducted a detailed and time-intensive review of the affected files to identify the personal information contained therein,” reads the notice.

 

In a similar notice posted on its website, DISA said that the compromised data included names, Social Security Numbers, driver’s licence numbers, other government ID numbers, financial account information, and other data elements.

 

The company’s filing with the Maine state regulator revealed that the cyber attack compromised the personal information of at least 3,332,750 individuals.

 

“Upon discovery of the incident, we secured our environment, notified law enforcement authorities, safely restored our systems and operations, and implemented additional security measures,” DISA added.

 

The background verification company has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. It has also offered one year of complimentary identity protection and credit monitoring services through Experian to all affected individuals.

 

At the time of publishing, no known hacker group has claimed responsibility for the cyber attack on DISA. The company also did not share details on who is behind the attack or if it has paid a ransom.