Drug testing firm DISA Global Solutions reports data breach exposing 3.3 million people

DISA Global Solutions, a US background screening and drug and alcohol testing firm, is reporting a major data breach affecting 3,332,750 individuals. 

The security incident occurred between February 9, 2024, and April 22, 2024, when the company discovered the unauthorized access. DISA determined that threat actors had accessed sensitive personal information stored in their systems. The compromised information includes:

• Full names
• Social Security numbers
• Driver's license numbers
• Government ID numbers
• Financial account information
• Other data elements

While the company has not specified what these "other data elements" encompass, DISA typically handles extensive personal information due to the nature of its services, potentially including contact details, employment and education history, criminal and background checks, drug and alcohol testing data, and medical and health-related information.

A now-deleted notice suggests that DISA may have paid a ransom to prevent the stolen data from being publicly released. The removed text stated, "DISA data has not been found on the dark web. DISA indicated it 'took measures to dissuade the threat actor from publicly releasing any acquired data and to provide confirmation of the deletion of the data.'" 

The company has not officially confirmed whether they experienced a ransomware attack or paid any ransom.

The company has begun notifying affected individuals and is offering affected individuals 12 months of free credit monitoring and identity theft protection services through Experian.