- Disa confirms that the pirates were present for more than two months
- They have siphoned sensitive data on hundreds of thousands of users
- The company did not say how it had been compromised
The US Disa employee screening company has confirmed the suffering of a cyber attack in which it has lost sensitive customer data.
In a letter of notification of violation sent to affected persons, as well as in the reports filed with the prosecutor’s Offices of Maine and the Massachusetts, the company said that it had discovered a violation, which has an impact on a “limited part” of its network on April 22, 2024.
The subsequent investigation determined that the threat actors, who were not appointed, reached the company’s infrastructure on February 9 and dwell on for almost three months, during which the crooks managed to seize “some information” on DISA customers.
3.3 million assigned
“Although our forensic survey cannot definitively conclude the specific data obtained, Disa has carried out a detailed and prolonged examination of the files assigned to identify the personal information contained therein,” said the letter.
The company has added that there is currently no evidence suggesting that the data has been used in the wrong ones in other attacks.
In the file with the Maine Attorney General, Disa said that the total number of people affected was 3,332,750. In the deposit with the Massachusetts GA, he said that stolen data included people’s social security numbers, information on financial accounts (credit card numbers included) and identification documents issued by the government – more than enough data to execute phishing, identity theft and even wired fraud.
We do not know who the attackers were, nor what their end goal is. We also don’t know how they managed to infiltrate Disa, and whether or not they tried to start the company for stolen information.
Disa Global Solutions is a leading American company specializing in the screening for employees’ history, drug and alcohol tests and compliance solutions. According to its website, DISA serves more than 55,000 customers in various industries, including transport, energy, manufacturing and health care. Acrtained, around 30% of fortune companies 500 use DISA services.
Via Techcrunch
