
Background Screening Service DISA Suffers Data Breach Impacting over 3.3 Million Employees

A massive data breach has struck the American background screening and drug and alcohol testing service DISA Global Solutions impacting over 3.3 million people.

DISA works with over 55,000 customers ranging from state and federal agencies to private organizations, including 30% of the Fortune 500 companies, making the data breach significant.

On April 22, 2024, DISA detected a cyber incident that impacted a limited portion of its network. It swiftly responded by containing the incident and engaging third-party cyber forensics experts to conduct an investigation.

The probe determined that an unauthorized actor had gained access between February 9, 2024, and April 22, 2024, and accessed certain files containing personal information.

Background screening data breach leaks sensitive info

According to a data breach notification filed with the Office of the Maine Attorney General, the data breach affected 3,332,750 current and former employees and prospective candidates of DISA customers.

DISA said it has yet to conclusively determine the nature of the stolen information. However, it potentially includes victims’ full names, Social Security numbers, driver’s license numbers, government IDs, and other data elements, including drug testing information. For Massachusetts residents, the data breach also exposed financial information, including credit card numbers.

The background screening service also handles other sensitive information such as contact details, employment and education history, criminal records, and credit history.

Since most people wish to keep their background information private, leaking those details creates an opportunity for malicious actors to extort them. Similarly, exposing Social Security numbers, government IDs, and financial information puts the victims at risk of identity theft and fraud.

However, the background screening company says it has no evidence of the stolen information being misused or shared. It also took measures to dissuade the threat actor from publishing the stolen information online and says it has confirmed that the data was deleted, which suggests a ransom was paid, although the notice does not say so.

“Presently, we are unaware of any attempted or actual misuse of any information involved in this incident,” DISA stated.

DISA also notified impacted individuals directly, but only where its client firms had no objection to the background screening company contacting their employees. Likely, this is because some workers may be unaware that their employer uses a third-party company to vet them.

DISA has also reported the data breach to relevant regulatory and law enforcement authorities, implemented additional security measures, and provided 12 months of complimentary credit monitoring and identity theft protection with Experian.

“While DISA Global Solutions is offering 12 months of free credit monitoring and identity theft protection, these efforts fall short of addressing the root cause,” warned Nick Tausek, Lead Security Automation Architect at Swimlane. “Organizations must go beyond damage control and focus on strengthening their threat detection, response, and remediation efforts. Cyber resilience isn’t just about responding to breaches, it’s about getting ahead of them before they happen. By leveraging AI-driven security automation, security teams can detect anomalies before they escalate into large-scale breaches, reducing both risk and response time.”

Jim Routh, Chief Trust Officer at Saviynt, also questioned DISA’s handling of the incident, highlighting that “the root cause of the breach is not provided so it is not clear what steps DISA took to reduce the probability of this happening again.”

Meanwhile, victims should remain vigilant by monitoring their financial statements and credit reports and promptly report any suspicious activity.

While DISA never disclosed the nature of the cyber incident, its data breach notice on its website says it restored its systems and operations, which suggests that ransomware was involved. However, no ransomware group has claimed responsibility for the DISA cyber attack.

Past data breaches of background screening firms

DISA is hardly the first background screening firm to suffer a data breach leaking personal information. In 2024, a data broker and background screening services provider Jerico Pictures, Inc., operating as National Public Data, suffered a data breach that leaked a whopping 2.9 billion records.

In 2014, U.S. Investigations Services (USIS), which formerly provided background checks for the federal government, suffered a data breach that leveraged a third-party managed SAP system, leaking the personal and financial information of an unknown number of federal employees.

“It’s a sector that is inherently trusted with some of the most private aspects of individuals’ lives, from social security numbers to medical history,” said Javvad Malik, Lead Security Awareness Advocate at KnowBe4. “The fact that DISA, with its expansive list of high-profile clients including a significant portion of the Fortune 500 companies, fell victim to such an exploit illustrates a concerning underestimation of the capabilities of modern cyber threats.”