Subj : Major breach hits employee screening firm - 3.3 million affected
To   : All
From : TechnologyDaily
Date : Thu Feb 27 2025 18:00:08

Major breach hits employee screening firm - 3.3 million affected as hackers 
steal DISA data

Date:
Thu, 27 Feb 2025 16:03:00 +0000

Description:
Hackers seem to have stolen payment information and Social Security numbers.

FULL STORY
======================================================================Disa 
confirms hackers were present for over two months They siphoned sensitive 
data on hundreds of thousands of users The company didn't say how it got 
compromised 

American employee screening company Disa has confirmed suffering a 
cyberattack in which it lost sensitive customer data. 

In a breach notification letter sent to affected individuals, as well as in 
reports filed with Maine and Massachusetts attorney general offices, the 
company said it discovered a breach, impacting a limited portion of its 
network, on April 22, 2024. 

The subsequent investigation determined that the threat actors, who were 
unnamed, accessed the companys infrastructure on February 9, and lingered for 
almost three months, during which time the crooks managed to grab some 
information on Disas customers. 3.3 million affected 

Although our forensics investigation could not definitively conclude the 
specific data procured, DISA conducted a detailed and time-intensive review 
of the affected files to identify the personal information contained therein, 
the letter reads. 

The company added there is currently no evidence suggesting the data was 
misused in other attacks. 

In the filing with the Maine Attorney General, Disa said the total number of 
affected people is 3,332,750. In the filing with the Massachusetts AG, it 
said that the data stolen included peoples Social Security numbers, financial 
account information (credit card numbers included), and government-issued 
identification documents - more than enough data to run phishing scams, 
identity theft , and even wire fraud. 

We dont know who the attackers were, or what their end goal is. We also dont 
know how they managed to infiltrate Disa, and whether or not they tried to 
extort the company for the stolen information. 

DISA Global Solutions is a prominent American company specializing in 
employee background screening, drug and alcohol testing, and compliance 
solutions. According to its website, DISA serves over 55,000 customers across 
various industries, including transportation, energy, manufacturing, and 
healthcare. Allegedly, approximately 30% of Fortune 500 companies utilize 
DISA's services. 

 Via TechCrunch You might also like We've rounded up the best password 
managers Take a look at our guide to the best authenticator app Orange 
confirms it suffered breach after hacker leaks company documents



======================================================================
Link to news story:
https://www.techradar.com/pro/security/major-breach-hits-employee-screening-fi
rm-3-3-million-affected-as-hackers-steal-disa-data


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.