DISA Global Solutions, Inc. recently acknowledged a significant cybersecurity breach affecting more than 3.3 million individuals involved with employment screenings. This was confirmed to concerned parties on a Friday, following an intensive internal investigation.
The breach timeline indicates that unauthorized access was detected on April 22, 2024. During the investigation, which included the expertise of external forensic specialists, it was disclosed that intruders had infiltrated DISA's systems over an eight-week window, between February 9 and April 22, 2024.
While specific information about the compromised data has not been fully disclosed by the company, it is presumed that the accessed files contained crucial personal details, including names, Social Security numbers, driver's license numbers, and financial account information.

"Two dimensions of this cyber incident are notable. The first is that SSNs were exfiltrated for individuals, and these are easily monetized by threat actors. Storing SSNs for any purpose should require a higher level of security, and using SSNs to identify digital consumers is an obsolete data management practice," stated Jim Routh, chief trust officer at Saviynt.
The company has asserted that there is, at this time, no evidence suggesting that the compromised data has been misused. Upon identifying the breach, DISA promptly activated its containment protocols, notified law enforcement, restored operational functions, and began enhancing its security measures.
DISA acts as a crucial third-party administrator for employment screening services, which include background checks and drug testing for a variety of sectors, including notable Fortune 500 companies. This breach highlights the growing concerns over cybersecurity vulnerabilities within such essential services.
To address the immediate needs of those affected, DISA is directly notifying individuals while offering comprehensive support, which includes 12 months of free credit monitoring and identity restoration services provided through Experian. Additionally, it provides guidance on how to effectively monitor and safeguard individual financial information, as well as a dedicated assistance line for inquiries.

Cybersecurity professionals have voiced alarm regarding DISA's breach detection and response timeline. Javvad Malik, lead security awareness advocate at KnowBe4, emphasized the importance of robust cybersecurity practices for organizations handling sensitive personal information.
"The delay in detecting and reporting the breach raises pressing questions about the ongoing monitoring and incident response strategies employed by DISA," Malik remarked. "Providing identity theft protection services post-breach [...] is merely a reactive measure. It is imperative for organizations [...] to adopt a more proactive stance on cybersecurity."
Cory Michal, chief security officer at AppOmni, supported Malik's concerns and pointed out that background check companies are frequently targeted by cybercriminals due to their storage of sensitive data.
"Unlike financial institutions, which must adhere to strict cybersecurity regulations, these companies often operate with less security budget and weaker security controls, making them more vulnerable to attacks," Michal noted.
Looking Ahead
As investigations persist, DISA's security framework and its efficacy in responding to the incident remain a focal point of scrutiny. Organizations managing sensitive data must prioritize cybersecurity measures to mitigate the risk of similar breaches in the future.
For further assistance, affected individuals can reach out to DISA's dedicated support line at 833-931-9800.

