3.3 Million People Found Out 10 Months Later

DISA Global Solutions runs background checks and drug testing for tens of thousands of companies. They handle some of the most sensitive data you can imagine — Social Security numbers, financial accounts, government IDs.

The breach happened in April 2024. They didn’t notify the 3.3 million affected people until February 2025.

Ten months.

That’s ten months of exposed SSNs, financial details, and government IDs floating around before anyone was told to protect themselves.

Compliance frameworks love to talk about “timely notification.” But when companies sit on breach disclosures for nearly a year, what’s the point?

If you’re trusting a third party with sensitive data, you’re trusting their breach response too. Choose carefully.

Read more at Security Boulevard

3.3 Million People Found Out 10 Months Later

Related Posts

MOVEit Fallout: Nuance Communications to Pay $8.5 Million in Data Breach Settlement

1.4 Million Insurance Customers. One Social Engineering Call.

6 Million Qantas Customers. One Third-Party Call Center.

Hertz, Dollar, Thrifty: 1 Million People, Same Breach