Employees at a third of the Fortune 500 companies are now being told to be on the alert after a huge data breach.
DISA Global Solutions, a US-based provider of employee screening services, has announced that data on more than 3.3 million people has been exposed.
While this breach is tiny compared to the hack last month of PowerSchool, which impacted 60 million teachers and students, both incidents share the fact that sensitive data has been exposed.
What Do We Know So far?
DISA carries out drug and alcohol testing and background checks to companies, and says on its website that it works with more than 55,000 customers.
It has admitted to the cyber incident in a filing with Maine’s attorney general on Monday. It describes the breach as an “external system breach” or “hacking.” The letter states: “On April 22, 2024, we discovered that we were the victim of a cyber incident that impacted a limited portion of our network.”
This just in! View
the top business tech deals for 2025 👨💻
“Upon discovery, we immediately contained the incident and initiated an investigation with the assistance of third-party forensic experts. Our investigation determined that an unauthorized third party accessed our environment between February 9, 2024, and April 22, 2024, and procured some information.”
The company adds that the investigation could not “definitively conclude the specific data procured” but DISA has since launched its own review.
How Do I Know If I’ve Been Impacted?
The filing suggests that the company has notified impacted customers – though it specifically talks about Maine residents.
It also states that those impacted will be given 12 months of credit monitoring and identity theft protection services through Experian. The letter details how to access this service and which tools to use – including credit monitoring and up to $1 Million Identity Theft Insurance.
There is also a filing with the Massachusetts attorney general, and this gives more details of what data has been stolen. It lists Social Security numbers, financial account information including credit card numbers, as well as government-issued identification documents.
Questions To Be Asked
While the company is communicating with potential victims and offering guidance, there will be questions raised over why it took so long to discover the breach.
As TechCrunch reported, the attack went unnoticed for more than two months. Considering the nature of the data being kept on customers, this will need answering and fast. The letter for Maine residents is also pretty vague as to what data was taken suggesting investigations are ongoing.
In the meanwhile, customers should remain vigilant and visit the Federal Trade Commission’s website for more guidance.
