A large cyber attack in the US leading background verification and employee screening company Disa Global Solutions leaked private information of more than 33 lakh people. Hackers made a access to sensitive information by breaking into the company's security system, including social security numbers, credit card details and government identity cards.

Surprisingly, the attack started on 9 February 2024, but it took the company's security team to catch it for two months. On 22 April 2024, this data breech was detected, which raised the question of how such a large amount of data handled companies can have such a big flaws at the security level.

How did the data bare?

According to the official report recorded in the Maine Attorney General's Office, Disa Global Solutions publicly confirmed this data violation on 24 February 2025. However, the company has not yet understood how much information has been stolen.

The internal investigation found that hackers infiltrated the company's network in early February 2024, but was detected in late April. During this time hackers had unauthorized access to about two months, which is expected to stole a large amount of sensitive data.

What information was stolen?

According to the regulatory information conducted in various states, the following information has been stolen:

• Social Security Number – Threat of identity theft
• Credit card and bank account information – Risk of financial fraud
• Government ID – including driving license and passport
• Employment history and background data – can be used in corporate profiles and scams.

Disa response: insufficient safety measures?

After this attack, Disa made claims of improving its cyber security and started investigating the case with the help of forensic experts. But security experts believe that such delays and ambiguity reveal the weaknesses of the company's security system.

What should the affected users do?

If you feel that your data is affected in this violation, then take these steps immediately:

• Monitor your financial accounts and pay attention to suspicious transactions.
• Freeze or lock the credit so that no one can open a new account with fraud.
• Change passwords and safety questions of important accounts.
• Beware of fishing scams, which can appear as banks or government agencies.
• Use professional service to protect identity from theft.

Cyber ​​security seriousness

DISA Data Breach has once again proved that the cyber security of companies is still weak. Hackers will continue to take advantage of security flaws in the same way until companies prioritize data security.

Data security is not only the responsibility of companies, but it should be shared by companies, regulators and individuals.

Disclaimer: This article has been written only aimed at increasing public awareness towards cyber security threats. The data violation described in it took place more than a year ago. The purpose of the article is to warn the readers to the risk of cyber attacks and the importance of data security.