US employee screening firm DISA hit with data breach affecting over 3.3 million people

US-based employee screening services provider DISA Global Solutions said it was breached by hackers, putting the personally identifiable information of 3.3 million people at risk.

While DISA informed Maine’s attorney general of the data breach yesterday (thanks, TechCrunch) and reported the hack to Massachusetts’s Office of Consumer Affairs and Business Regulation earlier on February 22, the attack began over a year ago, on February 9, 2024. The unidentified hacker accessed DISA’s network for two months before the company noticed on April 22, 2024. However, there’s allegedly “no evidence of actual or attempted misuse” of personal information.

In a sample notification letter sent to those affected by the hack, DISA claimed it “could not definitively conclude the specific data procured” even after an investigation with third-party assistance. However, the Massachusetts filing listed what the attackers accessed: Social Security numbers, financial accounts ...