Employee screening data breach exposes 3.3 million records


Learn practical steps to protect yourself

by Kurt Knutsson

Companies that handle massive amounts of user data are often the least careful with it. Last year, the National Public Data (NPD) breach exposed 2.7 billion records. The company’s entire business model was built around collecting data from public sources to create detailed user profiles for people in the U.S. and beyond. Now, another breach has surfaced—this time affecting DISA Global Solutions, an employee screening provider. The breach has exposed the data of over 3.3 million individuals, raising serious concerns about how sensitive personal information is handled. Millions are now at risk of identity theft and fraud.


What you need to know

DISA Global Solutions, a company specializing in employee screening services, recently disclosed a major data breach affecting over 3.3 million individuals. The Texas-based firm serves more than 55,000 businesses, including a third of Fortune 500 companies, offering background checks, drug and alcohol testing, and compliance solutions.

The breach began on February 9, 2024, when an unauthorized party gained access to part of DISA’s network. Shockingly, the intrusion went undetected for over two months until the company discovered the “cyber incident” on April 22, 2024. Following the breach, DISA launched an internal investigation with help from third-party forensic experts to assess the damage.

It’s still unclear how the attack happened—DISA hasn’t confirmed whether phishing, malware, or another method was used. However, the fact that hackers had access for months without detection points to serious gaps in the company’s monitoring systems. Adding to the concern, nearly a year passed before the public was notified, which raises serious questions about DISA’s cybersecurity measures and response time.


What data got stolen?

The hackers accessed a trove of sensitive personal information, though DISA has admitted it cannot definitively confirm the full scope of the stolen data. According to filings with the Attorneys General of Maine and Massachusetts, the compromised information includes Social Security numbers, financial account details (such as credit card numbers), driver’s licenses, and other government-issued identification documents.

Given DISA’s role in employee screening, the breach likely exposed data collected from background checks and drug tests, potentially including employment histories, criminal records, and even health-related information. The notifications to affected individuals, over 360,000 of whom are Massachusetts residents and 15,198 of whom are from Maine, underscored the breadth of the incident, which affected a staggering 3,332,750 people nationwide.

We reached out to DISA but did not hear back before our deadline. 


5 ways you can stay safe

If you’ve undergone a background check or drug test through an employer or prospective employer, your data might be among the millions exposed in this breach. Here are five practical steps to protect yourself:

1) Monitor your financial accounts: Regularly check your bank statements, credit card transactions, and credit reports for suspicious activity. The breach exposed financial details, making unauthorized transactions a real risk. Consider setting up alerts for any unusual activity.

 

2) Enroll in credit monitoring: DISA is offering affected individuals 12 months of free credit monitoring and identity restoration services through Experian. Take advantage of this by enrolling before the June 30 deadline to keep tabs on your credit and detect potential misuse early.

 

3) Place a fraud alert or credit freeze: Contact one of the major credit bureaus (Equifax, Experian, or TransUnion) to place a fraud alert on your file, which makes it harder for thieves to open accounts in your name. For stronger protection, consider a credit freeze, which restricts access to your credit report entirely.

 

4) Be wary of phishing attempts and install strong antivirus: With personal details in the hands of cybercriminals, expect an uptick in targeted scams. Avoid clicking links or sharing information in unsolicited emails, texts, or calls claiming to be from DISA or related entities. 

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.  


5) Invest in data removal services: In light of these recurring data breaches, taking proactive steps to protect your personal information is crucial. While no service promises to remove all your data from the internet, a removal service is great if you want to monitor and automate the removal of your information from hundreds of sites over a longer period of time.

A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.

Special for CyberGuy Readers (60% off): Incogni offers a 30-day money-back guarantee and then charges a special CyberGuy discount, available only through the links in this article, of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan. You get a fully automated data removal service, including recurring removal from 200+ data brokers. You can add up to 3 emails, 3 home addresses and 3 phone numbers (U.S. citizens only) and have them removed from data-broker databases. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.


Kurt’s key takeaway

The DISA Global Solutions data breach isn’t just a mistake—it’s a complete failure. A company that handles sensitive data for millions, including Fortune 500 clients, let hackers lurk in its systems for over two months. Worse, it took ten months to tell the public. That’s not just negligence; it’s a betrayal. Now, 3.3 million people are left dealing with the fallout while DISA offers a token year of credit monitoring as if that fixes anything. The real cost is years of potential identity theft and financial damage.

How do you feel about companies that collect and sell data? Do you think they should be held accountable for breaches? Let us know in the comments below. 


Copyright 2025 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.


   
