Major U.S. employee drug and alcohol screening and background check provider DISA Global Solutions had information from over 3.3 million individuals exfiltrated following a cyberattack against its network in early February 2024, which was only discovered more than two months later, TechCrunch reports.
The attack was considered significant because DISA caters to over 55,000 enterprises and one-third of organizations in the Fortune 500.
Despite reporting its inability to "definitively conclude" the types of data stolen in the attack in its breach notification letter to impacted individuals, DISA disclosed in a separate filing with the Office of the Massachusetts Attorney General the theft of Social Security numbers, government-issued documents, and credit card numbers and other financial account details.
Over 360,000 Massachusetts residents were also confirmed to have their data compromised as a result of the attack. However, DISA has not provided additional details regarding the intrusion's perpetrators, the means of compromise, and the reasons behind its deferred breach notifications.
