- DISA confirms that computer pirates were present for more than two months
- They diverted confidential data about hundreds of thousands of users
- The company did not say how it committed
The American employee detection company has confirmed that suffering a cyber attack in which it lost customer confidential data.
In a non -compliance notification letter sent to the affected persons, as well as in the reports presented to the offices of the Attorney General of Maine and Massachusetts, the company said it discovered a violation, impacting a “limited portion” of its network, on April 22, 2024.
The subsequent investigation determined that the threat actors, who were not identified, agreed to the company’s infrastructure on February 9 and remained for almost three months, during which criminals managed to obtain “information” about DISA clients.
3.3 million affected
“Although our forensic research could not definitely conclude the specific data acquired, DISA carried out a detailed and intensive review in the time of the affected files to identify the personal information contained in it,” says the letter.
The company added that there is currently no evidence to suggest that the data was misused in other attacks.
In the presentation before Maine’s attorney general, Disa said that the total number of people affected is 3,332,750. In the presentation of the Massachusetts AG, he said that the stolen data included the social security numbers of the people, the information of the financial account (credit card numbers included) and identification documents issued by the Government, more than enough data to execute phishing scams, identity theft and even fraud to the cable.
We do not know who the attackers were or what is their final objective. Nor do we know how they managed to infiltrate DISA, and whether or not they tried to extort the company for stolen information.
DISA Global Solutions is a prominent American company that specializes in detection of employees, drugs and alcohol, and compliance solutions. According to its website, Disa serves more than 55,000 clients in various industries, including transport, energy, manufacturing and medical care. Supposedly, approximately 30% of Fortune 500 companies use DISA services.
Through Techcrunch
