DISA Global Solutions (background check, drug testing, and employment screening provider to 55,000+ companies including 135 Fortune 500 firms) was breached for 100+ days before discovery on 22 April 2024. The company did not begin notifying the 3.3 million affected individuals until 21 February 2025 — a 305-day delay from discovery. Exposed data potentially included SSNs, driver’s license numbers, financial account information, and other PII. Data appeared on the dark web. Multiple class action lawsuits filed.