US drug testing firm says data breach impacted 3.3 million people

DISA Global Solutions, a leading US background screening and drug and alcohol testing firm, has suffered a data breach impacting 3.3 million people.
In January, the company first disclosed a cybersecurity incident that occurred between February 9, 2024, and April 22, 2024, the day it discovered the breach.
In an update earlier this month, DISA revealed that the threat actors might have accessed sensitive data stored in its systems, but there was no evidence of further dissemination or misuse.
Today, the company confirmed that, after further investigation, it determined that the sensitive data of 3,332,750 people had been exposed in the cyberattack.
DISA has over 55,000 customers across a broad range of industries, with 30% of Fortune 500 companies relying on the firm’s services. Given that reach, the data breach could have far-reaching consequences nationwide.
“We are writing to inform you about an incident experienced by DISA that may have involved some of your personal information, which came into our possession due to the employee screening services you may have completed with your current or former employer or a prospective employer,” reads the notification sent to impacted individuals.
DISA did not disclose what types of information were exposed to the unauthorized party in the sample letter it shared with the authorities. However, in a notice published on its website, it lists the following:
- Full name
- Social Security number
- Driver’s license number
- Government ID number
- Financial account information
- Other data elements
What the ‘other data elements’ consist of is unclear, but due to the type of services it offers, DISA generally handles personally identifiable information, contact details, employment and education history, criminal and background checks, drug and alcohol testing data, medical and health-related data, and more.
While DISA has not shared what type of cyberattack it experienced, a now-deleted notice indicates that it paid a ransom demand to prevent the stolen data from being publicly released.
“DISA data has not been found on the dark web. DISA indicated it ‘took measures to dissuade the threat actor from publicly releasing any acquired data and to provide confirmation of the deletion of the data’,” reads a copy of the now-deleted notice.
To protect impacted people from the risks arising from the data exposure, DISA offers 12 months of free credit monitoring and identity theft protection service through Experian.
It is also recommended that potentially impacted individuals consider placing fraud alerts and security freezes on their accounts as a precaution.