A significant cybersecurity incident has compromised the personal data of approximately 3.3 million individuals, involving a major US-based employee screening services firm, DISA Global Solutions. The breach was disclosed recently to regulatory authorities in Maine and Massachusetts. Despite the company's notification efforts, the intrusion began as early as February 9, 2024, and lasted for two months before being detected on April 22, 2024. During this period, an unknown cyber attacker gained unauthorized access to DISA's network. Although DISA stated there is no evidence of misuse of personal information, the potential exposure remains concerning.

The scope of the breach includes sensitive personal details such as Social Security numbers, financial account information, driver’s licenses, and credit and debit card numbers. In correspondence with affected parties, DISA acknowledged that it could not conclusively determine the extent of data accessed. This uncertainty underscores the severity of the situation. DISA serves over 55,000 clients, including a significant portion of Fortune 500 companies, which entrust the firm with conducting drug tests, alcohol screenings, and background checks. Handling such vast amounts of sensitive data makes DISA an attractive target for cybercriminals.

Despite the critical nature of the breach, DISA took nearly a year to notify relevant parties, raising questions about the company's response time and transparency. To mitigate potential damage, DISA is offering one year of credit monitoring and identity restoration services to those affected. This proactive measure reflects a commitment to safeguarding individuals' personal information and rebuilding trust in the wake of this security lapse. It highlights the importance of stringent cybersecurity practices and swift action in addressing breaches to protect sensitive data and maintain public confidence.