DISA Global Solutions, a U.S. employee screening service provider, said it suffered a data breach that affected more than 3.3 million people.
DISA, which provides services such as drug and alcohol testing and background checks More than 55,000 companies One-third of 500 Fortune 500 companies confirmed data breaches Register Monday with Maine’s Attorney General.
DISA said it found it a victim of a “cyber incident” that affected the “limited portion” of April 22, 2024. An internal investigation determined that hackers infiltrated the company’s network on February 9, 2024, where the company penetrated the network. They have not been ignored for more than two months.
In a letter sent to people who breached data, including individuals who received employee screening tests, DISA said the attacker “procures some information” from his system.
In another Register In the case of the Massachusetts Attorney General, DISA confirmed that the stolen information includes the individual’s social insurance number, financial account information of the credit card number, and government-issued ID card documents. The document confirmed that more than 360,000 Massachusetts residents were affected by the violation.
However, DISA said in its data breach notice that “the specific data purchased cannot be concluded with certainty”, indicating that the company has no technical means, such as logs, that it cannot detect accessed or deleted internal data.
According to its websiteDISA collects a wide range of personal and sensitive information, including detailed information about the applicant’s work history, educational background, criminal history and credit history.
It is not yet known who is behind the cyber attack or how the organization compromises. It is not clear why it took so long to notify affected persons about the violation.
Disa did not immediately answer TechCrunch’s question.
