DISA Global Solutions, a company that provides drug and alcohol testing, background checks and other employee screening services, this week notified over 3.3 million people that their sensitive information may have been stolen by miscreants.
In a February 24 filing with the Maine Attorney General’s office, the firm said the security breach occurred over a year ago, on February 9, 2024, and that it discovered the digital intrusion more than two months later on April 22.
In an earlier, now-removed update, DISA said it “took measures” to prevent whoever infiltrated its systems from leaking the data, and confirmed that they had deleted the stolen files.
From where we sit, that smells a lot like a response to ransomware.
While the filing in the US state of Maine doesn’t specify which information was feared accessed, a notice on DISA’s website provides a bit more detail.
“The personal information contained in these files may have included name, social security number, driver’s license number, other government ID numbers, financial account information, and other data elements,” it says.
These other data elements, according to the earlier notice, include drug testing information.
DISA did not immediately respond to The Register’s request for further details on its response, including what remediation measures it employed and whether it paid a ransom. We will update this story when we hear back from the employee-screening firm.
“The situation is particularly concerning because bad actors had ample time to misuse the vast amounts of compromised personal data, as the breach occurred in February 2024 and wasn’t detected until that April,” Mike Puglia, general manager of security products at IT and security services provider Kaseya, told The Register via email.
“Plus, individuals may not be immediately aware that they were affected because they interacted with potential employers, rather than directly with DISA,” Puglia added.
That’s bad news because extortionists sometimes use stolen info to target individuals named in pilfered data troves. In this case, it’s possible DISA’s data includes info about employees’ drug tests and background checks. That’s info many people would not want made public, and therefore an opportunity for criminals to extort both the breached org and those caught up in the theft.
The chance for retail and wholesale extortion is a reason crims consider data brokers like DISA a very attractive target.
Attacks on info brokers can be very destructive. In August 2024, Florida-based National Public Data (NPD) was ransacked by crooks who then posted nearly three billion personal records online. In October, NPD filed for bankruptcy, admitting “hundreds of millions” of people were potentially affected by the massive data heist. ®