By Ashwani Mishra, Editor-Technology, 63SATS
A major cybersecurity breach has exposed the personal details of over 3.3 million individuals in the United States, following an attack on DISA Global Solutions, a company specializing in background checks, drug testing, and employee screening.
The company, which serves more than 55,000 U.S. corporations, including Fortune 500 firms, confirmed the breach in a filing with the Attorney General of Maine on Monday.
The incident, which occurred on April 22, 2024, compromised a section of DISA’s network. While the Maine filing did not disclose the exact nature of the exposed data, a notice on DISA’s website confirmed that affected individuals’ names, Social Security numbers, driver’s license details, government IDs, financial account data, and even drug test results may have been accessed.
Security Gaps and Company Response
DISA has admitted that it lacks technical capabilities to fully assess the extent of the breach. The company has notified impacted individuals and is taking steps to strengthen its cybersecurity framework.
Given that DISA handles highly sensitive personal data, including employment history, educational records, criminal background checks, and financial credit information, this breach raises serious concerns about data security in employee screening services.
To mitigate risks, DISA is offering assistance to affected individuals and working on enhanced security measures to prevent future cyber incidents.
However, the breach highlights the vulnerabilities faced by companies storing extensive personal information, underscoring the urgent need for stronger cybersecurity protocols across industries.
Rising Trend of Cyberattacks on Employment Services Companies
The DISA breach is not an isolated event. Cybercriminals are increasingly targeting employment services companies due to the vast amount of sensitive data they handle. Similar attacks in 2024 have demonstrated a pattern of poor cybersecurity readiness in this sector.
- Paychex Data Breach (April 2024): In a separate attack earlier this year, a Florida worker filed a class-action lawsuit against Paychex, a payroll services company, after a breach exposed employees’ names and Social Security numbers. The lawsuit alleged that Paychex delayed notifying affected individuals for an entire month, further aggravating the risks of identity theft.
- Fortive Subsidiaries Breach (2023-2024): On October 3, 2024, multiple subsidiaries of Fortive Corporation, including FTV Employment Services, reported breaches to state attorney general offices. These breaches resulted in unauthorized access to names, dates of birth, Social Security numbers, driver’s licenses, passport numbers, financial details, and health insurance information. The attacks, which occurred between January 25, 2023, and November 6, 2023, were only discovered after cybercriminals had already gained extensive access to Fortive’s network.
