In the initial months of 2024, several significant data breaches have come to public attention, including notable incidents affecting PowerSchool and Community Health Center. The most recent breach has involved DISA Global Solutions, a prominent provider of employment screening and background check services, which has put the personal information of over 3.3 million individuals at risk.
DISA Global Solutions serves approximately 55,000 employers nationwide, providing background check services. Its systems were breached for a period of over two months, from February 9, 2024, until the intrusion was discovered on April 22, 2024.
Details of the DISA Breach
As reported in a filing with the Maine Attorney General’s office, hackers infiltrated DISA’s systems and compromised the data of 3,332,750 individuals. While the company’s notification to consumers vaguely indicated that “some information” was stolen, further disclosures revealed more alarming details. An additional document uncovered by TechCrunch specified that the breach included sensitive personal data such as Social Security numbers, medical records, financial account information, and credit and debit card numbers, along with other government-issued documents.
DISA aggregates a comprehensive array of consumer information as part of its background check process, collecting data that ranges from credit and employment histories to driving records, drug tests, and criminal and civil legal filings. This breadth of information presents a substantial opportunity for misuse if it falls into malicious hands.
Steps for Affected Individuals
In light of this breach, affected individuals should remain vigilant regarding their personal accounts and communications. Basic security precautions are essential, particularly caution toward phishing attempts that may reference the stolen data to appear legitimate. Individuals should also take proactive steps to limit further damage, such as freezing their credit and placing fraud alerts to deter unauthorized use of their identity. Identity protection services are also advisable, as they can provide timely notification of suspicious activity.
As of February 21, DISA has begun notifying those impacted by this breach and is offering a 12-month membership to Experian’s IdentityWorks service, which provides identity monitoring. Affected individuals may sign up for this service through the IdentityWorks website, using an activation code provided in their notification, with enrollment available until June 30, 2025.
DISA’s breach highlights weaknesses in data security practices that can have widespread repercussions. The attack may have involved tactics described in the MITRE ATT&CK Matrix, such as initial access through phishing or exploitation of network vulnerabilities, persistence within compromised systems, and privilege escalation to reach sensitive information. This incident is a reminder for organizations to regularly assess and strengthen their security controls against such threats.