disa
Posted inBreaking News Updates

disa

Thumbnail

Data breach at employee screening co. impacts hundreds of thousands in Mass.

Image

If you’ve ever had a background check for a job, a major cyber incident at U.S.-based employee screening program has exposed the personal information of millions of people, including more than 360,000 in Massachusetts.

Follow NBC10 Boston:
https://instagram.com/nbc10boston
https://tiktok.com/@nbc10boston
https://facebook.com/NBC10Boston
https://twitter.com/NBC10Boston
https://bsky.app/profile/nbcboston.com

A major cyber incident at a U.S.-based employee screening program has exposed the personal information of millions of people, including hundreds of thousands in Massachusetts.

On April 22, 2024, DISA Global Solutions said in a notice on its website that “it was the victim of a cyber incident that impacted a limited portion of its network.” Their investigation determined that an unauthorized third party accessed their network between Feb. 9, 2024, and April 22, 2024.

According to the letter, filed with the Maine Attorney General’s Office, the company said the breach affected more than 3.3 million individuals.

According to a recent filing with the Massachusetts Attorney General’s Office, more than 360,000 residents were affected by the breach.

The stolen data included individuals’ social security numbers, financial account details and government-issued identification documents.

“People read about these breaches affecting hundreds of thousands, millions of people, and often it’s overwhelming. And then they just shut down and say, ‘Well, there’s nothing I can do about it anyway,’” said Ian Bednowitz, general manager at LifeLock. “The reality is that there is a lot that you can do to protect yourself from these breaches so that you can have peace of mind.”

DISA has started to send out notification letters to those individuals affected by the breach.

Bednowitz said consumers who believe they have been impacted need to take immediate steps to protect themselves.

“Most important thing is to freeze your credit,” explained Bednowitz. “That is the primary way that identity thieves will target their victims.”

Check bank and credit card statements for any strange activity. Consumers can also pull their free weekly credit reports from all three major credit bureaus and check for anything suspicious

“Delete accounts that you’re no longer using,” said Bednowitz. “Having this information out there just makes you increasingly vulnerable to scams, identity theft, losing your home.”

Consumers could also place a fraud alert on their credit file. This will tell creditors to contact you before opening a new account or changing an existing account.

DISA Global Solutions will offer individuals who are affected by this data breach access to credit monitoring and identity restoration services through Experian.

Sign up to receive breaking news alerts in your inbox.

The stolen data included individuals’ social security numbers, financial account details and government-issued identification documents

More data breach news

PowerSchool data breach: Thousands in Mass. affected, company says

State mails letters to RI residents impacted by major data breach

Data breaches in Massachusetts — by the numbers

Trending Stories

Weather Forecast

Subscribe to our Newsletters

By Ale Zimmerman and Bianca Beltrán • Published March 3, 2025 • Updated on March 3, 2025 at 7:05 pm

This article tagged under:

BOSTON BUSINESS JOURNAL

MASSACHUSETTS

BOSTON

ECONOMY

icon

Stream NBC10 Boston news for free, 24/7, wherever you are.

Major breach hits employee screening firm – 3.3 million affected as hackers steal DISA data

Image

Hackers seem to have stolen payment information from millions

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

American employee screening company Disa has confirmed suffering a cyberattack in which it lost sensitive customer data.

In a breach notification letter sent to affected individuals, as well as in reports filed with Maine and Massachusetts attorney general offices, the company said it discovered a breach, impacting a “limited portion” of its network, on April 22, 2024.

The subsequent investigation determined that the threat actors, who were unnamed, accessed the company’s infrastructure on February 9, and lingered for almost three months, during which time the crooks managed to grab “some information” on Disa’s customers.

“Although our forensics investigation could not definitively conclude the specific data procured, DISA conducted a detailed and time-intensive review of the affected files to identify the personal information contained therein,” the letter reads.

The company added there is currently no evidence suggesting the data was misused in other attacks.

In the filing with the Maine Attorney General, Disa said the total number of affected people is 3,332,750. In the filing with the Massachusetts AG, it said that the data stolen included people’s Social Security numbers, financial account information (credit card numbers included), and government-issued identification documents – more than enough data to run phishing scams, identity theft, and even wire fraud.

We don’t know who the attackers were, or what their end goal is. We also don’t know how they managed to infiltrate Disa, and whether or not they tried to extort the company for the stolen information.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

DISA Global Solutions is a prominent American company specializing in employee background screening, drug and alcohol testing, and compliance solutions. According to its website, DISA serves over 55,000 customers across various industries, including transportation, energy, manufacturing, and healthcare. Allegedly, approximately 30% of Fortune 500 companies utilize DISA’s services.

Via TechCrunch

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Perforce software hit with some major security vulnerabilities

Microsoft discovers five potentially damaging attacks against its own software

The 7 best toys we saw at Toy Fair 2025, from a Lego boat to a hatching, robotic dinosaur

TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.

3.3 million affected

Are you a pro? Subscribe to our newsletter

YOU MIGHT ALSO LIKE

This site can’t be reached

www.securityweek.com’s server IP address could not be found.

Try: