DISA Global Solutions, a U.S.-based provider of employee screening services, has said it suffered a data breach that affects more than 3.3 million people.
DISA, which provides services like drug and alcohol testing and background checks to more than 55,000 enterprises and a third of Fortune 500 companies, confirmed the data breach in a filing with Maine’s attorney general on Monday.
DISA said it discovered it had been the victim of a “cyber incident” that affected a “limited portion” of its network on April 22, 2024. An internal investigation determined that a hacker had infiltrated the company’s network on February 9, 2024, where they went unnoticed for over two months.
In a letter sent to those affected by the data breach, which includes individuals who underwent employee screening tests, DISA said the attacker “procured some information” from its systems.
In a separate filing with the Massachusetts attorney general, DISA confirmed the stolen information included individuals’ Social Security numbers; financial account information, including credit card numbers; and government-issued identification documents. This filing confirmed that more than 360,000 Massachusetts residents were affected by the breach.
However, in its data breach notification letter, DISA said it “could not definitively conclude the specific data procured,” suggesting the company does not have the technical means, such as logs, to detect exactly what internal data was accessed or exfiltrated.
According to its website, DISA collects a wide range of personal and sensitive information, including details about an applicant’s work history, educational background, criminal records, and credit history.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
It’s not yet known who was behind the cyberattack or how the organization was compromised. It’s also unclear why it has taken DISA so long to notify affected individuals about the breach.
DISA did not immediately respond to TechCrunch’s questions.
