Data violation of employment investigations concerns 3.3 million people

A data violation at Disa Global Solutions, Inc., a third-party provider of employment demonstration services, that those affected are more than 3.3 million people, said the company.

The company, which offers drug and alcohol tests and background reviews, announced that it was discovered on April 22, 2024 that it was a victim of a cyber attack that granted access to personal data from individuals from February 9, 2024 to April 22, 2024, the company shared in a statement on its website.

Disa said that the forensics examination “could not finally complete the information that was bought”, but contained the information, social security numbers, driving license numbers, other state ID numbers, financial account information and other data elements that were accessed on the personal information.

People who are affected by the violation were informed on Friday in accordance with the letter submitted with the general prosecutor’s office of the Maine. Disa said it was “not an attempt or actual abuse of information that is involved in this incident”.

The company said it contained the incident, informed the law enforcement authorities and took additional security measures. In addition, affected persons will give the affected persons access to a free year of loan surveillance and identity restoration services via Experian.

“We take this incident seriously and sincerely regret any inconvenience that can cause this incident to affected people,” said Disa. The company did not immediately answer questions from the HR dive.

DISA data injury is the youngest in a number of cyber attacks that are aimed at company service companies.

In July 2024, a worker in Florida submitted a class action against Paychex after a data injury in April unveiled the names and social security numbers of employees at the salary accounting company. The employee claimed that the company was waiting for a month before he started to notify affected people.

Especially in 2021, the HR provider UKG was involved in a serious data injury that has had the central personnel functions of the customers for weeks, and led to a compensation of millions of dollars for lost wages, benefits and compensation.