The cyberattack occurred between February 9 and April 22, 2024, with the breach reported to relevant authorities in February 2025.

The breach, discovered in April 2024, involved unauthorized access to sensitive information, including Social Security numbers and personal identification details.

Calls for stronger liability for data breaches are growing, including financial penalties for companies and enforcement of stricter data retention policies.

While DISA's investigation revealed that sensitive data from 3,332,750 people may have been accessed, there is currently no evidence of misuse or further dissemination of the data.

The delay in notifying affected individuals has raised questions about DISA's data security measures, especially given the sensitive nature of the employee screening industry.

DISA Global Solutions has confirmed a significant data breach affecting over 3.3 million individuals, primarily linked to their employee screening services.

Experts warn that the exposed data could lead to increased risks of identity theft and fraud, including synthetic identity fraud and phishing attacks.

DISA has established a dedicated call center to address inquiries related to the breach and has begun sending notification letters to affected individuals.

Affected individuals are advised to remain vigilant and consider placing fraud alerts or security freezes on their accounts to protect against identity theft.

The breach has raised concerns about the security of personal data, prompting DISA to notify affected individuals and offer credit monitoring and identity restoration services.

Background check firms like DISA often operate with smaller security budgets and weaker controls, making them more vulnerable to breaches.

This incident underscores the growing vulnerabilities in the employee screening industry, leading to calls for stricter regulations and improved security practices.