Companies that handle huge amounts of user data are often the least careful with it. Last year, the National Public data breach exposed 2.7 billion records. The entire business model of the company is built on collecting data from public sources to make detailed user profiles for people in the US and then. Now another infringement has surfaced, this time that Disa Global Solutions, a screening provider of employees, affected.
The infringement has exposed the data of more than 3.3 million people, which expresses serious concerns about how sensitive personal information is treated. Millions now run the risk of identity theft and fraud.
Illustration of a hacker (Kurt “Cyberguy” Knutsson)
What you need to know
Disa Global Solutions, a company that specializes in screening services of employees, recently made public A large data breach that affects more than 3.3 million people. The company based in Texas serves more than 55,000 companies, including one third of the Fortune 500 companies, that offer background controls, drug and alcohol tests and compliance solutions.
The infringement started on February 9, 2024, when an unauthorized party gained access to a part of the Disa network. Shocking, the burglary was unnoticed for more than two months until the company discovered the “cyber incident” on April 22, 2024. After the infringement, Disa launched an internal investigation with the help of forensic experts from third parties to assess the damage.
It is still unclear how the attack happened. Disa has not confirmed whether phishing, malware or another method has been used. The fact that Hackers had access for months without detection points to serious gaps in the company’s monitoring systems. As an addition to concern, almost a year was elapsed before the public was informed, which raises serious questions about Disa’s cyber security measures and response time.
A woman who works on her laptop (Kurt “Cyberguy” Knutsson)
Spotify playlists are hijacked to promote illegal software and scams
What information has been stolen?
The hackers had access to a series of sensitive personal information, although Disa has admitted that it cannot definitively confirm the full scope of the stolen data. According to the archives at the lawyers -general of Maine and MassachusettsThe compromised information included sofi numbers, financial account data (such as credit card numbers), driving licenses and other identification documents issued by the government.
Given the role of DISA in the screening of employees, the infringement has probably collected data collected from background controls and drug tests, possibly including working history, criminal registers and even health -related information. The notification to affected individuals – more than 360,000 were residents of Massachusetts and 15,198 from Maine – underlined the width of the incident, which influenced a stunning national 3332,750 people.
We contacted Disa but did not hear for our deadline.
A woman who works on her desktop and laptops (Kurt “Cyberguy” Knutsson)
9 ways in which scammers can use your telephone number to mislead you
5 ways you can stay safe
If you have undergone a background control or drug test through an employer or potential employer, your data may be up to the millions that are exposed in this infringement. Here are five practical steps to protect yourself.
1) Monitor your financial accounts: Regularly check your bank statements, credit card transactions and credit reports on suspicious activities. The infringement has exposed financial details, which means that non -authorized transactions are a real risk. Consider setting up reports for unusual activity.
2) Register for credit monitoring: DISA offers affected persons 12 months of free credit monitoring and identity resubmission services via Experian. Take advantage of this by registering for the deadline of 30 June to keep an eye on your credit and to detect potential abuse early.
3) Place a fraud alert or freeze credit: Contact one of the most important credit agencies (Equifax, Experian or Transunion) to place a fraud alert on your file, which makes it more difficult for thieves to open accounts in your name. For stronger protection, consider a credit sausage, which completely limits access to your credit report.
4) Be on your guard for phishing attempts and install strong antivirus: Expect with personal data in the hands of cyber criminals an increase in targeted scams. Do not click on links or sharing information in unsolicited E -mails, text messages or calls that claim to be rid of DISA or related entities.
The best way to protect yourself against malignant links that install malware, which may have access to your private information, is to have strong antivirus software installed on all your devices. This protection can also warn you about phishing -e -mails and ransomware -scam, so that your personal information and digital assets are kept securely. Buy my choices for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
5) Invest in data removal services: In the light of these recurring data breaches, it is crucial to take proactive steps to protect your personal information. Although no service promises to remove all your data from the internet, having a deletion service is great if you want to constantly follow and automate the process of deleting your information from hundreds of sites for a longer period. View my best choices for data removal services here.
Kurt’s most important collection meal
The Disa Global Solutions Data Breach is not just a clear mistake. It seems to be a complete failure. A company that treats sensitive data for millions, including Fortune 500 customers, lurks hackers lurking in its systems for more than two months. Even worse, it took 10 months to tell the public. Now 3.3 million people pass with the fall -out, while Disa offers a token year of credit monitoring. The real costs are years of potential identity theft and financial damage.
What do you think of companies that collect and sell data? Do you think they should be held responsible for infringements? Let us know by writing us Cyberguy.com/contact.
For more of my technical tips and security warnings, subscribe to my free Cyberguy report newsletter by going to Cyberguy.com/newsletter.
Ask Kurt a question or let us know what stories you want.
Follow Kurt on his social channels:
Answers to the most stretched Cyberguy questions:
New from Kurt:
Copyright 2025 cyberguy.com. All rights reserved.
