Employee Screening Data Breach Exposes 3.3 Million Records

Sarah Johnson
March 4, 2025
Brief
DISA Global Solutions suffered a data breach exposing sensitive information of 3.3 million people, including Social Security numbers and financial data, raising major cybersecurity and identity theft concerns.
Another day, another data breach. This time, DISA Global Solutions, a Texas-based employee screening provider, has revealed a massive security lapse that exposed the sensitive information of over 3.3 million people. The breach, which began on February 9, 2024, and went undetected for more than two months, has left millions vulnerable to identity theft and fraud.
DISA Global Solutions, known for offering background checks, drug and alcohol testing, and compliance services to over 55,000 businesses (including a third of Fortune 500 companies), discovered the breach on April 22, 2024. But here's the kicker: the public wasn't notified until nearly a year later. Talk about a response time that's slower than dial-up internet.
While DISA hasn’t disclosed exactly how the breach occurred, the prolonged undetected access raises eyebrows about their cybersecurity practices. Hackers reportedly accessed a treasure trove of personal data, including Social Security numbers, financial account details, driver’s licenses, and other government-issued IDs. Given the nature of DISA’s business, the exposed data likely also includes employment histories, criminal records, and even health-related details. Yikes.
Filings with attorneys general in Maine and Massachusetts indicate the breach affected over 360,000 residents of Massachusetts and 15,198 in Maine, contributing to a staggering total of 3,332,750 individuals nationwide. DISA is offering victims 12 months of free credit monitoring through Experian, but let’s be real—what’s a year of monitoring compared to a lifetime of potential identity theft?
For those affected, here are five practical steps to mitigate the risks:
- Monitor your financial accounts: Keep a close eye on your bank statements, credit card transactions, and credit reports for any suspicious activity. Set up alerts for unusual transactions.
- Enroll in credit monitoring: Take advantage of DISA’s free 12-month credit monitoring offer. Sign up before the June 30 deadline.
- Place a fraud alert or credit freeze: Contact one of the major credit bureaus to add a layer of protection to your credit file.
- Beware of phishing scams: With personal details in the wild, expect an uptick in targeted scams. Don’t click on suspicious links or share sensitive info via unsolicited messages.
- Consider data removal services: Proactively remove your personal information from data brokers and other sites to reduce your digital footprint.
This incident shines a harsh spotlight on how companies handle (or mishandle) the sensitive information they collect. For an organization tasked with screening employees for some of the nation’s top companies, this breach feels less like a minor slip and more like a catastrophic collapse.
The real questions now are: Should companies like DISA face stricter regulations? And how can consumers protect themselves when even the “gatekeepers” of sensitive data can’t keep it safe?
Editor's Comments
It’s almost laughable—if it weren’t so tragic—that a company specializing in screening and compliance managed to fail so spectacularly at keeping its own systems compliant. The fact that hackers lurked undetected for months and the public wasn’t notified for nearly a year is a masterclass in how not to handle cybersecurity. At this point, offering a single year of credit monitoring feels like putting a Band-Aid on a broken dam.