DISA World Options, a U.S.-based supplier of worker screening providers, has stated it suffered a data breach that impacts greater than 3.3 million individuals.
DISA, which gives providers like drug and alcohol testing and background checks to greater than 55,000 enterprises and a 3rd of Fortune 500 firms, confirmed the data breach in a submitting with Maine’s lawyer normal on Monday.
DISA stated it found it had been the sufferer of a “cyber incident” that impacted a “restricted portion” of its community on April 22, 2024. An inside investigation decided {that a} hacker had infiltrated the corporate’s community on February 9, 2024, the place they went unnoticed for over two months.
In a letter despatched to these affected by the data breach, which incorporates people who underwent worker screening assessments, DISA stated the attacker “procured some info” from its methods.
In a separate submitting with the Massachusetts lawyer normal, DISA confirmed the stolen info included people’ Social Safety numbers, monetary account info together with bank card numbers, and government-issued identification paperwork. This submitting confirmed that greater than 360,000 Massachusetts residents had been affected by the breach.
Nonetheless, in its data breach notification letter, DISA stated it “couldn’t definitively conclude the particular information procured,” suggesting the corporate doesn’t have the technical means, equivalent to logs, to detect what inside information was accessed or exfiltrated.
In response to its web site, DISA collects a variety of non-public and delicate info, together with particulars about an applicant’s work historical past, instructional background, prison information, and credit score historical past.
It’s not but identified who was behind the cyberattack or how the group was compromised. It’s additionally unclear why it has taken DISA so lengthy to inform affected people in regards to the breach.
DISA didn’t instantly reply to information.killnetswitch’s questions.
