The Weekly Breach Breakdown Podcast by ITRC - February 2025 Notable Breaches - S6E8

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC’s) Weekly Breach Breakdown for March 14, 2025. I’m Timothy Walden. Thanks to SentiLink for their support of the ITRC and this podcast. Each week on this podcast, we look at the most recent events and trends related to data security and privacy. Today, we’ll discuss some of the most notable data breach exposures from February 2025, focusing on a breach that impacted millions of individuals and a couple of others worth noting.   

The most notable breach from February came from DISA Global Solutions, Inc., a background screening and drug testing service provider. This breach impacted  3.3 million current and former employees and prospective candidates for DISA’s customers.   

The breach occurred between February 9 and April 22, 2024, and was caused by an unauthorized actor gaining access to a limited portion of DISA Global Solutions’ network. Unfortunately, this breach exposed a wide variety of sensitive data. Affected individuals may have had their names, Social Security numbers (SSNs), driver’s license numbers, government IDs and drug testing information compromised. For Massachusetts residents, the breach even included financial data, such as credit card numbers.   

While DISA Global Solutions has taken steps to enhance its security since the breach was discovered, the incident raises  concerns about the vulnerability of background screening services, which handle sensitive personal and professional information. With millions of individuals impacted, this breach highlights the ongoing risks to personal data that come from organizations storing large volumes of sensitive information.   

In addition to the DISA Global Solutions breach, there were two other significant data breach exposures reported in February.   

The Hospital Sisters Health System (HSHS) experienced a breach affecting around 882,000 patients. This breach occurred between August 16 and 27, 2024, when unauthorized third parties gained temporary access to HSHS’s network. The data exposed includes names, birthdates, SSNs, medical record numbers, health insurance details and treatment information. This breach, especially with medical information involved, serves as a reminder of the importance of safeguarding healthcare data, which can be particularly lucrative for attackers looking to commit medical identity theft.   

Meanwhile, Globe Life Inc., an insurance provider, saw a data breach  that impacted approximately 850,000 customers. Discovered in June 2024 during a routine security review, this breach occurred when hackers gained unauthorized access to one of the company’s web portals. Affected customers had their names, SSNs, email addresses, phone numbers and health-related information exposed. The breach underscores the vulnerabilities faced by insurance companies, which often hold highly sensitive personal and financial data.   

Why does all of this matter? These breaches, while varied in scope and industry, all have one thing in common: they highlight how vulnerable sensitive personal data can be, even when stored by major corporations and healthcare systems. From background screening services like DISA to hospitals and insurers, organizations should ensure they are following best practices and industry standards to safeguard the data entrusted to them by consumers.   

The ITRC will continue to monitor any new details as they arise concerning data breach exposures. In the meantime, if you receive a data breach notice, follow the advice in the notice, watch for phishing attempts that claim to be from large recognizable companies, freeze your credit, use long and unique passphrases or passkeys, and implement multifactor authentication when possible.

If you want to know more about how to protect your business or personal information or if you think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone or text, chat live on the web, or exchange emails during our regular business hours (6 a.m.-5 p.m. PT). Just visit idtheftcenter.org to get started.  

Thanks to SentiLink for their support of the ITRC and this podcast. Please hit the like button for this episode and subscribe wherever you listen to your podcasts. We will return next week with another episode of the Weekly Breach Breakdown. I’m Tim Walden; until then, thanks for listening.