Major Data Breach Exposes Personal Information of 3.3 Million at DISA Global Solutions

AUSTIN, Texas — A data breach at DISA Global Solutions, Inc., which provides employment screening services, has compromised the personal information of over 3.3 million individuals, the company disclosed on February 26, 2025. DISA, known for drug testing and background checks, detected unauthorized access to its systems on April 22, 2024, nearly three months after the breach began on February 9, 2024.

The investigation into the breach was conducted with help from third-party forensic experts. While DISA could not conclusively determine the type of information accessed, it indicated that sensitive data potentially includes individuals’ names, Social Security numbers, driver’s license numbers, and financial account information. “We take this incident seriously and sincerely regret any inconvenience this incident may cause affected individuals,” DISA stated in a notice.

As part of its response, DISA has notified law enforcement, implemented additional security measures, and will offer a year of complimentary credit monitoring and identity restoration services through Experian for those affected. Despite these steps, the company noted that it is “unaware of any attempted or actual misuse of any information involved in this incident.”

According to a letter filed with the Maine Attorney General’s office, only a small number of those impacted, approximately 15,198 individuals, are Maine residents, while over 360,000 individuals are from Massachusetts.

The breach at DISA is part of a troubling pattern of cyberattacks targeting the employment services industry. In July 2024, a similar incident at a payroll services company exposed workers’ personal details, and HR vendors have faced multiple breaches in recent years. This surge in incidents highlights vulnerabilities in the employment services sector, which are often less stringently regulated than financial institutions.

Cybersecurity experts expressed concerns regarding DISA’s breach detection capabilities and response timeline. Javvad Malik, a lead security awareness advocate at KnowBe4, emphasized the importance of proactive cybersecurity measures for firms that manage sensitive information. “The delay in detecting and reporting the breach raises pressing questions about the ongoing monitoring and incident response strategies employed by DISA,” Malik said.

Cory Michal, chief security officer at AppOmni, echoed these sentiments, stating background check firms like DISA are prime targets for cybercriminals due to their data storage practices. “Unlike financial institutions, which must adhere to strict cybersecurity regulations, these companies often operate with less security budget and weaker controls,” Michal noted.

The incident has raised significant scrutiny over DISA’s security infrastructure and effectiveness in protecting sensitive data. As investigations continue, individuals impacted by the breach are urged to monitor their financial accounts for any signs of misuse of their personal information.

For further assistance, affected individuals can contact DISA’s dedicated help line at 833-931-9800.