A handful of major data breaches that occurred in 2024 have already come to light in the last few months (including the PowerSchool and Community Health Center incidents), the latest of which affected a major employment screening and background check service and compromised information from more than 3.3 million people.
DISA Global Solutions provides background checks for more than 55,000 employers across the country, and its systems were compromised for more than two months last year.
What happened with DISA?
According to the company’s filing with the Maine attorney general’s office, hackers accessed DISA’s system between Feb. 9, 2024 and April 22, 2024 (when the breach was discovered) and stole the data of 3,332,750 individuals
In its letter notifying consumers of the breach, DISA did not provide specifics as to what was stolen, noting simply that the hackers “procured some information.” However, an additional filing located by TechCrunch indicated that the breach included Social Security numbers, medical records, financial account information, credit and debit card numbers, and other government-issued documents.
In conducting background checks, DISA collects a wide range of consumer data, including credit, education, and employment histories; driving records; drug tests; references from employers and landlords; and criminal and civil legal filings.
What you can do if your data was stolen
The best you can do after a data breach is to pay attention to your personal accounts, follow basic security best practices—such as being especially vigilant with suspicious communication that might be a phishing attempt—and lock down as much as possible to prevent any further damage being done with your information.
If you haven’t already, you should take steps like freezing your credit and placing a fraud alert to prevent anyone from taking on debt in your name, as well as considering identity protection services that can notify you of anything suspicious. You can also set up protections for your SSN so no one can take on employment or file taxes fraudulently.
As of Feb. 21, DISA is notifying consumers affected by the breach and offering a 12-month membership to Experian’s IdentityWorks identity monitoring service. To enroll, go to the IdentityWorks website and enter the activation code in your notice. You must sign up by June 30, 2025.
