By - Disa confirms hackers were present for over two months
- They siphoned sensitive data on hundreds of thousands of users
- The company didn’t say how it got compromised
American employee screening company Disa has confirmed suffering a cyberattack in which it lost sensitive customer data.
In a breach notification letter sent to affected individuals, as well as in reports filed with Maine and Massachusetts attorney general offices, the company said it discovered a breach, impacting a “limited portion” of its network, on April 22, 2024.
The subsequent investigation determined that the threat actors, who were unnamed, accessed the company’s infrastructure on February 9, and lingered for almost three months, during which time the crooks managed to grab “some information” on Disa’s customers.
3.3 million affected
“Although our forensics investigation could not definitively conclude the specific data procured, DISA conducted a detailed and time-intensive review of the affected files to identify the personal information contained therein,” the letter reads.
The company added there is currently no evidence suggesting the data was misused in other attacks.
In the filing with the Maine Attorney General, Disa said the total number of affected people is 3,332,750. In the filing with the Massachusetts AG, it said that the data stolen included people’s Social Security numbers, financial account information (credit card numbers included), and government-issued identification documents – more than enough data to run phishing scams, identity theft, and even wire fraud.
We don’t know who the attackers were, or what their end goal is. We also don’t know how they managed to infiltrate Disa, and whether or not they tried to extort the company for the stolen information.
DISA Global Solutions is a prominent American company specializing in employee background screening, drug and alcohol testing, and compliance solutions. According to its website, DISA serves over 55,000 customers across various industries, including transportation, energy, manufacturing, and healthcare. Allegedly, approximately 30% of Fortune 500 companies utilize DISA’s services.
Via TechCrunch
