What was leaked in the US personal data breach which affected 3 million people?
The employee screening service that suffered the data breach contains a wide range of information including work history, credit data and more about applicants.
A massive leak of the personal details of over 3.3 million people in the US was exposed recently, after employee screening company DISA Global Solutions confirmed that they had suffered a data breach.
The company provides background checks, alcohol testing and drug testing services, among others, to more than 55, 000 US corporations, including Fortune 500 companies as well.
Also Read: Apple removes its most advanced data protection tool as UK demands access to user data
On Monday, they revealed in a filing with the office of the attorney general of Maine, that they had been the victim of a “cyber incident” affecting a section of their network on April 22, 2024.
Also Read: Consent, breach reporting discussed in data protection talks
An internal probe revealed that the hacker had infiltrated the company’s network on February 9, 2024, and had been able to access data unnoticed for over 2 months.
What was leaked?
DISA, in a letter to the people affected by the breach, initially only vaguely mentioned that the hacker had “procured some information” from its systems.
In a filing with the Massachusetts attorney general, DISA confirmed that 3,60, 473 had been affected and among the types of information stolen were the following:
- Social security numbers
- Financial accounts
- Credit/ Debit cards
- Drivers licenses
The report also confirmed that medical records of people had not been accessed.
In a statement regarding the data leak on its website, DISA stated that they did not have the means to detect the exact nature of the data that was accessed.
As a part of their employee screening process, DISA collects a wide range of personal information, including details about an applicant’s work history, educational background, criminal records, and credit history.