DISA Data Breach Affects Over Three Million Americans

On April 22, 2024, DISA Global Solutions, Inc., a leading provider of employee screening and compliance services, discovered one of the biggest data breaches of the year, as it has affected approximately 3,332,750 individuals across the United States. The breach, which occurred on two separate dates, February 9, 2024, and April 22, 2024, resulted in the exposure of a wide range of sensitive personal and health information.

The scale of the breach is notable, with 687,033 individuals affected in Texas, 15,198 in Maine, and 360,473 in Massachusetts alone. The breach was officially disclosed to state authorities in Oregon, Vermont, Massachusetts, Texas, Maine, and California between February 21 and February 27, 2025. DISA notified consumers by U.S. mail, email, publication in print media, and posts on its website. The company’s disclosures can be reviewed through the Maine Attorney General’s office, Texas Attorney General’s office, Massachusetts Attorney General’s office, California Attorney General’s office, Vermont Attorney General’s office, and Oregon Attorney General’s office.

The breach exposed both personally identifiable information (PII) such as names, addresses, Social Security numbers, dates of birth, and government-issued ID numbers were exposed. Additionally, protected health information (PHI), including medical and health insurance details were involved.

Due to the breadth of the data involved, affected individuals may be at increased risk for identity theft, financial fraud, and medical identity theft. At this time, the precise method by which the breach occurred and the responsible parties have not been disclosed, but the range of information exposed suggests a significant compromise of DISA’s data systems.

DISA Global Solutions, Inc's response

Following the discovery of the breach, DISA Global Solutions, Inc. promptly notified affected individuals and relevant state authorities. The company used multiple notification methods to reach as many impacted people as possible, including U.S. mail, email, print media, and updates on its website. While details about specific support resources have not been provided, individuals whose information was compromised should take immediate steps to protect themselves.

If you believe you may have been affected by this breach, it is important to:

1. Monitor your financial accounts and credit reports for any suspicious activity.
2. Consider placing a fraud alert or credit freeze with the major credit bureaus.
3. Watch for any signs of medical identity theft, such as unfamiliar medical bills or insurance claims.
4. Be cautious of phishing attempts or scams that may use your exposed personal information.
5. Contact your health insurance provider to review recent claims and ensure your coverage has not been misused.

For more details about the company and its services, visit the DISA Global Solutions website.