Employment screening provider DISA Global Solutions suffered a data breach, exposing the sensitive information of over 3.3 million individuals.
DISA Global Solutions, Inc., a provider of employment screening services including drug and alcohol testing and background checks, revealed that a data breach exposed the personal information of over 3.3 million individuals. The breach, which occurred between February 9 and April 22, 2024, was discovered on April 22, 2024, after an unauthorized third party gained access to sensitive data. Affected individuals were notified on February 26, 2025, after an internal forensics investigation confirmed the breach.
While the company’s investigation could not confirm the specific data accessed, it is believed that the breach involved a wide range of personal information, including names, Social Security numbers, driver’s license numbers, government IDs, financial account details, and other sensitive data elements. DISA has stated that it has yet to discover any evidence of misuse of the compromised information. As part of its response, DISA has implemented additional security measures, notified law enforcement, and offered impacted individuals a year of free credit monitoring and identity restoration services through Experian.
DISA expressed regret for the breach and the inconvenience it may cause affected individuals, outlining their commitment to addressing the incident with seriousness and urgency. Despite this, the company did not immediately respond to questions from HR Dive about the details of the attack or its broader impact.
When a company like DISA, trusted with sensitive personal data, gets breached, the consequences do not end with a press release or a year of credit monitoring. For millions of people, this is not just about data. It is about identity theft, financial risk, and the unsettling reality that their most private information is now out there. These breaches keep happening, especially in industries handling employment and HR data, yet companies still lag in securing what matters most. The real lesson here is not just about cybersecurity. It is about accountability. How many more of these breaches will it take before companies treat data protection as a non-negotiable priority?
DISA is a provider of employment screening services, including background checks, drug and alcohol testing, and compliance solutions for various industries.
Exposure of personal information can lead to identity theft, financial fraud, and unauthorized access to sensitive employment records, potentially affecting hiring decisions and personal security.
Depending on jurisdiction, DISA may face fines, lawsuits, and regulatory scrutiny, especially if found negligent in protecting customer data.
Employers should vet third-party vendors for strong cybersecurity practices, enforce data encryption, and require regular security audits to minimize risks.