A cyber incident at DISA Global Solutions, Inc. has exposed the sensitive personal information of more than 3.3 million people undergoing employment screenings, the company confirmed to affected individuals last Friday.

Breach Timeline and Investigation

On April 22, 2024, DISA detected unauthorized access to a limited portion of its network. An internal investigation, aided by third-party forensic experts, revealed that an unidentified attacker had accessed its systems between February 9 and April 22, 2024.

Though DISA could not confirm exactly what data was taken, affected files likely contained personal details such as names, Social Security numbers, driver's license numbers, financial account information and other identifiers.


The company stated that there is currently no evidence of misuse of the compromised information. Upon discovery, DISA reportedly took immediate action to contain the breach, notify authorities, restore operations and enhance security protocols.

"Two dimensions of this cyber incident are notable. The first is that SSNs were exfiltrated for individuals, and these are easily monetized by threat actors. Storing SSNs for any purpose should require a higher level of security, and using SSNs to identify digital consumers is an obsolete data management practice," said Jim Routh, chief trust officer at Saviynt.

"The second dimension is that the root cause of the breach is not provided, so it is not clear what steps DISA took to reduce the probability of this happening again."

Impact and Response

DISA, a third-party administrator of employment screening services, provides background checks and drug testing for various industries, including high-profile Fortune 500 companies. Given DISA's access to sensitive data, the breach raises concerns over cybersecurity vulnerabilities in the sector.

Affected individuals are being notified directly and offered:

12 months of free credit monitoring and identity restoration services through Experian

Guidance on steps to monitor and protect their financial information

Access to a dedicated assistance line for inquiries

Expert Concerns Over Security Gaps

Cybersecurity experts have expressed concerns over DISA's breach detection and response time. Javvad Malik, lead security awareness advocate at KnowBe4, highlighted the need for stronger cybersecurity measures in firms handling sensitive personal data.

"The delay in detecting and reporting the breach raises pressing questions about the ongoing monitoring and incident response strategies employed by DISA," Malik said. "Providing identity theft protection services post-breach [...] is merely a reactive measure. It is imperative for organizations [...] to adopt a more proactive stance on cybersecurity."

Cory Michal, chief security officer at AppOmni, echoed Malik's point, adding that background check firms are prime targets for cyber-criminals due to the nature of their data storage.

"Unlike financial institutions, which must adhere to strict cybersecurity regulations, these companies often operate with less security budget and weaker security controls, making them more vulnerable to attacks," Michal said.

As investigations continue, DISA faces scrutiny over its security infrastructure and response effectiveness. Organizations handling personal data must prioritize cybersecurity to prevent similar breaches in the future.

For more information, affected individuals can call DISA's dedicated assistance line at 833-931-9800.