Employee screening data breach exposes 3.3 million records

Fox News

04-03-2025

Companies that handle massive amounts of user data are often the least careful with it. Last year, the National Public Data breach exposed 2.7 billion records. The company's entire business model was built around collecting data from public sources to create detailed user profiles for people in the U.S. and beyond. Now, another breach has surfaced, this time affecting DISA Global Solutions, an employee screening provider.
The breach has exposed the data of more than 3.3 million individuals, raising serious concerns about how sensitive personal information is handled. Millions are now at risk of identity theft and fraud.
DISA Global Solutions, a company specializing in employee screening services, recently disclosed a major data breach affecting over 3.3 million individuals. The Texas-based firm serves more than 55,000 businesses, including a third of Fortune 500 companies, offering background checks, drug and alcohol testing and compliance solutions.
The breach began on Feb. 9, 2024, when an unauthorized party gained access to part of DISA's network. Shockingly, the intrusion went undetected for more than two months until the company discovered the "cyber incident" on April 22, 2024. Following the breach, DISA launched an internal investigation with help from third-party forensic experts to assess the damage.
It's still unclear how the attack happened. DISA hasn't confirmed whether phishing, malware or another method was used. However, the fact that hackers had access for months without detection points to serious gaps in the company's monitoring systems. Adding to the concern, nearly a year passed before the public was notified, which raises serious questions about DISA's cybersecurity measures and response time.
The hackers accessed a trove of sensitive personal information, though DISA has admitted it cannot definitively confirm the full scope of the stolen data. According to filings with the attorneys general of Maine and Massachusetts, the compromised information included Social Security numbers, financial account details (such as credit card numbers), driver's licenses and other government-issued identification documents.
Given DISA's role in employee screening, the breach likely exposed data collected from background checks and drug tests, potentially including employment histories, criminal records and even health-related information. The notification to affected individuals – more than 360,000 were Massachusetts residents and 15,198 from Maine – underscored the breadth of the incident, affecting a staggering 3,332,750 people nationwide.
We reached out to DISA but did not hear back before our deadline.
If you've undergone a background check or drug test through an employer or prospective employer, your data might be among the millions exposed in this breach. Here are five practical steps to protect yourself.
1) Monitor your financial accounts: Regularly check your bank statements, credit card transactions and credit reports for suspicious activity. The breach exposed financial details, making unauthorized transactions a real risk. Consider setting up alerts for any unusual activity.
2) Enroll in credit monitoring: DISA is offering affected individuals 12 months of free credit monitoring and identity restoration services through Experian. Take advantage of this by enrolling before the June 30 deadline to keep tabs on your credit and detect potential misuse early.
3) Place a fraud alert or credit freeze: Contact one of the major credit bureaus (Equifax, Experian or TransUnion) to place a fraud alert on your file, which makes it harder for thieves to open accounts in your name. For stronger protection, consider a credit freeze, which restricts access to your credit report entirely.
4) Be wary of phishing attempts and install strong antivirus: With personal details in the hands of cybercriminals, expect an uptick in targeted scams. Avoid clicking links or sharing information in unsolicited emails, texts or calls claiming to be from DISA or related entities.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
5) Invest in data removal services: In light of these recurring data breaches, taking proactive steps to protect your personal information is crucial. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.
The DISA Global Solutions data breach isn't just an apparent mistake. It seems to be a complete failure. A company that handles sensitive data for millions, including Fortune 500 clients, let hackers lurk in its systems for more than two months. Worse, it took 10 months to tell the public. Now, 3.3 million people are left dealing with the fallout while DISA offers a token year of credit monitoring. The real cost is years of potential identity theft and financial damage.
How do you feel about companies that collect and sell data? Do you think they should be held accountable for breaches? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.