US Employee Screening Giant Hacked – 3M People Data at Risk
DISA Global Solutions, a leading provider of employment screening services, has confirmed a massive data breach exposing sensitive information of approximately 3.3 million individuals.
The incident, classified as an external system breach (CVE pending), occurred between February 9 and April 22, 2024, with unauthorized actors accessing systems containing drug test results, background checks, and personally identifiable information (PII).
The breach remained undetected for 73 days until DISA’s security team identified anomalous network activity on April 22, 2024.
Forensic investigations revealed threat actors employed advanced persistent threat (APT) tactics to infiltrate the company’s environment, though specific attack vectors remain undisclosed.
DISA Data Breach
DISA’s incident response protocol involved immediate containment, collaboration with third-party cybersecurity experts, and system restoration with enhanced encryption protocols.
Affected data includes names coupled with sensitive identifiers, though DISA’s review could not definitively confirm the exfiltration scope.
The absence of indicators of compromise (IOCs) related to misuse has not alleviated concerns, given the high-risk nature of employment-related PII.
DISA notified federal law enforcement and state attorneys general, adhering to U.S. breach notification laws requiring disclosure when state residents’ data is compromised.
Maine’s Office of the Attorney General received specifics about 15,198 impacted residents, triggering mandatory alerts to Equifax, Experian, and TransUnion under Maine’s data protection statutes.
The company began mailing Written Notifications detailing complimentary 12-month subscriptions to Experian IdentityWorks
. This service includes credit monitoring (FICO score tracking), $1 million identity theft insurance, and Identity Restoration Support.
Affected individuals must enroll by June 30, 2025, using unique activation codes (e.g., ABCDEFGHI).
Consumers may restrict credit report access via written requests to bureaus, requiring government-issued ID copies, proof of address, and Social Security numbers. Freezes persist until manually lifted.
Cybersecurity experts emphasize the need for multi-factor authentication (MFA) and zero-trust frameworks in sensitive data sectors.
The incident also highlights gaps in real-time threat detection, as prolonged undetected access enabled potential data monetization on dark web markets.
Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup -> Try for free
The post US Employee Screening Giant Hacked – 3M People Data at Risk appeared first on Cyber Security News.
DISA Global Solutions, a leading provider of employment screening services, has confirmed a massive data breach exposing sensitive information of approximately 3.3 million individuals.
The incident, classified as an external system breach (CVE pending), occurred between February 9 and April 22, 2024, with unauthorized actors accessing systems containing drug test results, background checks, and personally identifiable information (PII).
The breach remained undetected for 73 days until DISA’s security team identified anomalous network activity on April 22, 2024.
Forensic investigations revealed threat actors employed advanced persistent threat (APT) tactics to infiltrate the company’s environment, though specific attack vectors remain undisclosed.
DISA Data Breach
DISA’s incident response protocol involved immediate containment, collaboration with third-party cybersecurity experts, and system restoration with enhanced encryption protocols.
Affected data includes names coupled with sensitive identifiers, though DISA’s review could not definitively confirm the exfiltration scope.
The absence of indicators of compromise (IOCs) related to misuse has not alleviated concerns, given the high-risk nature of employment-related PII.
DISA notified federal law enforcement and state attorneys general, adhering to U.S. breach notification laws requiring disclosure when state residents’ data is compromised.
Maine’s Office of the Attorney General received specifics about 15,198 impacted residents, triggering mandatory alerts to Equifax, Experian, and TransUnion under Maine’s data protection statutes.
The company began mailing Written Notifications detailing complimentary 12-month subscriptions to Experian IdentityWorks
. This service includes credit monitoring (FICO score tracking), $1 million identity theft insurance, and Identity Restoration Support.
Affected individuals must enroll by June 30, 2025, using unique activation codes (e.g., ABCDEFGHI).
Consumers may restrict credit report access via written requests to bureaus, requiring government-issued ID copies, proof of address, and Social Security numbers. Freezes persist until manually lifted.
Cybersecurity experts emphasize the need for multi-factor authentication (MFA) and zero-trust frameworks in sensitive data sectors.
The incident also highlights gaps in real-time threat detection, as prolonged undetected access enabled potential data monetization on dark web markets.
Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup -> Try for free
The post US Employee Screening Giant Hacked – 3M People Data at Risk appeared first on Cyber Security News.
