A massive data breach at a US employee screening company has exposed the personal information of over 3.3 million Americans.


DISA Global Solutions, a company that performs background checks and drug tests for some of the largest US firms, confirmed that it was a victim of a “cyber incident” in which hackers gained access to sensitive data, reported Newsweek. 


DISA is one of the largest employee screening companies in the US, with a clientele including one-third of Fortune 500 listed firms and more than 55,000 customers in total. The breach highlights the need for cybersecurity in sensitive industries.


Who was affected, and what was leaked?

The filing stated that 3,332,750 people were affected by the breach, and identity theft protection services were provided.


According to its website, the company offers various types of screenings and compliance solutions, including drug and alcohol tests and medical tests. To conduct the tests, DISA maintains private information, including medical history, work history, education, credit records, and criminal cases.

The leaked information comprised highly sensitive personal data, including Social Security numbers, credit card and financial account details, and government-issued identification documents.


The data breach

DISA said that the cyber attack occurred on February 9, 2024, and went unnoticed for two months. It added that it “could not definitively conclude the specific data procured.”


The breach was discovered on April 22, 2024, after an internal probe revealed that an unauthorised party had gained access to a “limited portion” of the company’s network.

The nature of and reason behind the cybercrime have not yet been identified. The company has also not explained why the breach was not reported to the authorities for a year.

(With inputs from agencies)