A major data breach at a leading U.S. employee screening company, DISA Global Solutions, exposed the personal information of over 3.3 million individuals. The company, which conducts background checks and drug testing for some of the nation’s largest corporations, disclosed the breach in a recent filing with the Maine Attorney General’s office.
According to the filing, the cyberattack occurred on February 9, 2024, but went undetected for more than two months. DISA only discovered the breach on April 22, 2024, following an internal investigation that revealed unauthorized access to a “limited portion” of its network.
In a notification letter to those affected, DISA acknowledged that the attacker had “procured some information” but admitted it could not fully determine the extent of the compromised data, as reported by media.
The breach involved highly sensitive personal details, including:
- Social Security numbers
- Credit card and financial account information
- Government-issued identification documents
As a screening service provider for over 55,000 businesses—including a third of Fortune 500 companies—DISA collects vast amounts of sensitive data, such as employment history, educational background, criminal records, and credit history.
The filing with the Massachusetts Attorney General’s office confirmed that over 360,000 Massachusetts residents were impacted, while 15,198 individuals from Maine also had their data compromised.
It remains unclear who carried out the cyberattack or how DISA’s systems were breached. The company has not yet disclosed details regarding the attack vector or potential vulnerabilities that were exploited.
