Massive Data Breach at Employment Screening Provider Affects Over 3.3 Million Individuals

A significant data breach at DISA Global Solutions, a third-party employment screening provider, has compromised the personal information of more than 3.3 million individuals. The breach, which occurred between February 9 and April 22, 2024, was discovered by the company on April 22, 2024. DISA provides essential services such as drug and alcohol testing and background checks for over 55,000 employers across the United States.

Key Takeaways

• Affected Individuals: Over 3.3 million people have had their personal information compromised.
• Duration of Breach: The unauthorized access lasted for more than two months.
• Types of Data Compromised: Potentially includes Social Security numbers, financial information, and government IDs.
• Response Measures: DISA is offering a year of free credit monitoring and identity restoration services to affected individuals.

Overview of the Breach

DISA Global Solutions reported that hackers gained access to their systems, allowing them to procure sensitive information from millions of individuals. The company stated that while their forensic investigation could not definitively identify the specific data accessed, it is believed that the breach may have included:

• Names
• Social Security numbers
• Driver’s license numbers
• Other government-issued ID numbers
• Financial account information

Company Response

Upon discovering the breach, DISA took immediate action to contain the incident. They notified law enforcement and implemented additional security measures to prevent future occurrences. Affected individuals were informed of the breach through a letter filed with the Maine Attorney General’s office.

DISA expressed regret over the incident, stating, "We take this incident seriously and sincerely regret any inconvenience this incident may cause affected individuals." The company has also committed to providing a free year of credit monitoring and identity restoration services through Experian to those impacted.

Implications for Affected Individuals

Individuals whose data may have been compromised are advised to take proactive steps to protect themselves. Here are some recommended actions:

1. Monitor Personal Accounts: Keep a close eye on bank statements and credit reports for any suspicious activity.
2. Credit Freeze: Consider freezing your credit to prevent unauthorized accounts from being opened in your name.
3. Fraud Alerts: Place a fraud alert on your credit report to warn creditors to verify your identity before opening new accounts.
4. Identity Protection Services: Enroll in identity protection services that can alert you to any unusual activity.
5. Secure Your SSN: Take steps to protect your Social Security number from being used fraudulently.

Broader Context

This incident is part of a troubling trend of data breaches targeting the employment services industry. In recent years, several high-profile breaches have raised concerns about the security of personal information held by employment service providers. For instance, a class-action lawsuit was filed against Paychex following a breach that exposed sensitive employee information, and UKG faced significant repercussions from a major data breach in 2021.

As cyber threats continue to evolve, it is crucial for both companies and individuals to remain vigilant and proactive in safeguarding personal information. The DISA breach serves as a stark reminder of the importance of robust cybersecurity measures in protecting sensitive data.

Sources

• Employment screening provider data breach affects 3.3M people, Cybersecurity Dive.
• This Massive Data Breach Compromised 3.3 Million People’s Information, Lifehacker.