Full Report
Sweden will seek backdoor access to encrypted messaging apps. Critical RCE flaw discovered in MITRE's Caldera platform.
Analysis Summary
This article summarizes several distinct security events and developments, not a single, cohesive incident. Therefore, the timeline and detailed attack methodology sections will reflect the information available for the primary incident reported (the DISA Global Solutions breach) and note the other significant security findings mentioned.
# Incident Report: DISA Global Solutions Data Breach & Platform Vulnerability Disclosure
## Executive Summary
Texas-based employee screening company DISA Global Solutions disclosed a data breach in early 2024 that compromised the personal information of over 3.3 million individuals, including Social Security numbers and financial details. Separately, a critical, easily exploitable Remote Code Execution (RCE) flaw (CVSS 10.0) was discovered and reported in MITRE's Caldera security training platform, posing an immediate risk to deployments whose agent compilation/download functionality is reachable by attackers.
## Incident Details
- **Discovery Date:** Early 2024 (specific date not provided for the breach)
- **Incident Date:** Early 2024
- **Affected Organization:** DISA Global Solutions
- **Sector:** Employee Screening / Background Check Services
- **Geography:** Texas, United States (Organization Location)
## Timeline of Events
### Initial Access
- **Date/Time:** Early 2024
- **Vector:** Unauthorized third-party access.
- **Details:** An "unauthorized third party accessed a limited portion" of the company's environment.
### Lateral Movement
- *Not detailed in the provided summary.*
### Data Exfiltration/Impact
- **Data Stolen:** Names, Social Security numbers, driver’s license numbers, other government ID numbers, and financial account information.
### Detection & Response
- **How it was discovered:** Disclosure by DISA Global Solutions (method of internal discovery not specified).
- **Response actions taken:** Offering free credit monitoring for affected individuals.
## Attack Methodology
For **DISA Global Solutions Breach**:
- **Initial Access:** Unauthorized third-party access.
- **Persistence:** *Not detailed.*
- **Privilege Escalation:** *Not detailed.*
- **Defense Evasion:** *Not detailed.*
- **Credential Access:** *Not detailed; the data acquired was PII and financial account information rather than credentials.*
- **Discovery:** *Not detailed.*
- **Lateral Movement:** *Not detailed.*
- **Collection:** Targeted collection of PII and financial data.
- **Exfiltration:** Data exfiltration occurred.
- **Impact:** Compromise of PII for over 3.3 million individuals.
**Separate Vulnerability Note (MITRE Caldera):**
- **Vulnerability:** Critical RCE flaw (CVE-2025-27364, CVSS 10.0) in the agent compilation/download API of the Caldera platform.
- **Impact:** Allows remote attackers to execute arbitrary code on the server running Caldera.
## Impact Assessment
- **Financial:** *Not detailed (costs associated with remediation/fines).*
- **Data Breach:** Personally Identifiable Information (PII) and financial account information for over 3.3 million people.
- **Operational:** *Not detailed.*
- **Reputational:** Significant reputational damage due to the scale and sensitivity of the compromised data.
## Indicators of Compromise
- **Network Indicators:** *None provided (threat-actor infrastructure such as URLs/IPs was not disclosed).*
- **File Indicators:** *None provided.*
- **Behavioral Indicators:** Unauthorized access and data exfiltration activity.
## Response Actions
- **Containment measures:** *Not detailed beyond securing the "limited portion" accessed.*
- **Eradication steps:** *Not detailed.*
- **Recovery actions:** Offering free credit monitoring services to impacted users.
## Lessons Learned
- **Key takeaways:** Reliance on employee screening companies leads to centralized risk for highly sensitive data (SSNs, financial info). The existence of breaches involving this level of PII underscores the need for robust third-party risk management.
- **What could have been done better:** Immediate and transparent disclosure upon discovery; stronger data segmentation and encryption, since the "limited portion" of the environment that was accessed still exposed records for over 3.3 million people, indicating that scope limitation did not contain the impact.
## Recommendations
- **Prevention measures for similar incidents:** Enhanced security vetting and continuous auditing of all third-party vendors handling PII and sensitive corporate data. Implement strong access controls (Zero Trust principles) to drastically limit the scope of initial access compromise.
- **For Caldera Users:** Immediately update the MITRE Caldera platform to the latest version to remediate CVE-2025-27364.