Last week, DISA Global Solutions, Inc. filed a notice of data breach with the Attorney General of Maine after it was discovered that the company was the victim of a cyberattack. According to the disclosure, more than 3.3 million people saw their data leaked.
DISA performs background checks and drug tests for some of the largest companies in the United States. It is one of the largest screeners in the country today.
According to reports, hackers were able to gain access to private data contained on the company’s networks – and it included social security numbers, credit card numbers, driver’s license numbers, and government identification. DISA’s clients include around one-third of the companies on the Fortune 500 list, with more than 55,000 total customers.
In the filing with Maine’s attorney general, DISA acknowledged that the attack occurred on February 9, 2024, but went unnoticed for two months. The company was unable to “definitely conclude” what data may have been compromised, but it acknowledged that 3,332,570 individuals were affected.
One-Stop Shop For Hackers
DISA, which is headquartered in Houston, TX, provides drug and alcohol testing, background checks, transportation compliance, occupational health screenings, and workplace safety programs. It serves several industries, including transportation, energy, construction, and manufacturing.
Screening companies could be in hackers' crosshairs because of the sheer amount of personal information they gather on their clients.
“Background check companies are prime targets for cybercriminals because they store vast amounts of highly sensitive personal data, including Social Security numbers, financial details, government IDs, and employment histories,” warned Cory Michal, chief security officer at cybersecurity provider AppOmni.
Unlike financial institutions, which must adhere to strict cybersecurity regulations, screening companies often operate with less security budget and weaker security controls, making them more vulnerable to attacks, Michal told ClearanceJobs.
“Their extensive data retention practices further increase the risk, as personal information remains stored for years, providing cybercriminals with a one-stop shop for identity theft, fraud, and social engineering attacks,” he added. “Additionally, many background check firms lack advanced monitoring and forensic capabilities, leading to prolonged undetected breaches, as seen in the DISA Global Solutions breach where attackers had access for over two months before detection.”
The information stolen in this hack would be quite valuable to cybercriminals.
“Attackers can use this data for identity theft, creating fraudulent accounts, applying for loans or credit cards, committing unemployment insurance fraud, and committing tax fraud,” said Michal. “Synthetic identity fraud is another major risk, where criminals combine stolen data with fake information to build new identities for financial crimes.”
Additionally, cybercriminals could leverage the information obtained in this breach to launch phishing and social engineering attacks on the clients, tricking victims into revealing more credentials or bypassing multi-factor authentication (MFA).
“Stolen employment history and background check details can also be used for corporate espionage or insider threats, where attackers impersonate employees or gain unauthorized access to company systems,” said Michal.
The data could pave the way for more personalized attacks as well.
“If medical screening or drug testing data were compromised, victims could also face privacy violations or blackmail risks,” Michal continued. “Given the broad scope of this breach, affected individuals should monitor their financial accounts, enable identity protection services, and stay vigilant against targeted scams.”
Internal Security Gaps Remain a Concern
The fact that the hack went unnoticed for two months is alarming for those whose data may have been compromised, but it isn’t really that surprising.
“Organizations may take a long time to detect malicious activity due to a combination of internal security gaps, insufficient monitoring, and sophisticated attack techniques,” explained Michal.
At issue is that many companies lack high-quality threat detection and response capabilities, relying instead on periodic audits or reactive security measures. At the same time, attackers may use living-off-the-land (LotL) techniques, in which they exploit legitimate system tools to avoid detection.
“Additionally, organizations may not have comprehensive logging and forensic capabilities, making it difficult to trace unauthorized access or data exfiltration after a breach has occurred,” added Michal.
Securing the Data
Better data protection processes are required, but that may not be enough.
“These companies should be subject to strict cybersecurity laws and standards, similar to those imposed on institutions under HIPAA or PCI-DSS, including mandatory encryption, continuous monitoring, and breach detection requirements. Additionally, they should face clear liability for data breaches, with financial penalties and mandatory compensation for affected individuals,” Michal suggested. “Stronger data retention policies should also be enforced, preventing unnecessary long-term storage of sensitive information. Without robust federal regulations and industry-specific security mandates, these breaches will continue to expose millions to identity theft, fraud, and financial loss.”