Drug Free Workplace USA (DFW) is a third-party administrator of drug and alcohol programs and testing solutions. Their services assist various small and large-scale organizations, including offering background checks for applicants. The organization recently notified the Texas Attorney General of a data breach from two employee email accounts.
We know the attack involved an unauthorized party obtaining access to two employee email accounts but nothing else. The attack may have been possible following a phishing plot, or it could have occurred due to permission misconfigurations.
The breach notification online states the unauthorized party gained access between March 29th and May 24th, 2023. After learning of the breach, DFW launched an investigation with cybersecurity professionals. The investigation concluded on September 29th with a list of impacted individuals. On October 27th, the organization started notifying consumers.
DFW’s online notice does not indicate whose data may be at risk. However, the Attorney General filing suggests at least 1,300 Texans may have had data exposed. The total number of impacted people may be far higher.
The total number of impacted files is not public; however, the DFW website notice suggests taking safeguarding measures. Monitor accounts for suspicious activity, set up quick-freeze settings and multi-factor authentications, and invest in identity and financial fraud guarding services.