Disability Services of the Southwest

Disability Services of the Southwest (DSSW) is an organization headquartered in the United States that operates an employment and training website. The organization's name indicates a focus on serving individuals with disabilities, and its website facilitates job placement and training programs. Through this platform, DSSW collects and manages personal information from job applicants, including names, contact details, and job preferences, as well as data from current and former employees such as addresses, employee IDs, and training records. This handling of personal data indicates that DSSW's core services involve supporting employment and training outcomes for its clientele. The organization maintains separate storage for highly sensitive financial data and Social Security numbers, a practice that limited the exposure of such information during a security incident. By segregating critical financial identifiers from other personal data, DSSW employs a data protection strategy that reduces risk in the event of a breach. The organization's operations appear to be regionally focused on the Southwest United States, as implied by its name, though specific geographic reach is not detailed in available information.

In September 2022, DSSW experienced a ransomware attack that encrypted files on its employment and training website during a brief period of unauthorized system access. The attack did not confirm data theft, but the potentially compromised information included applicant and employee personal details such as names, contact information, job preferences, addresses, employee IDs, and training records. Notably, sensitive financial data and Social Security numbers remained secure due to their separate storage. Following the incident, DSSW reported the breach to multiple authorities, including the Department of Health and Human Services (HHS), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI). This reporting indicates compliance with regulatory breach notification requirements. In response to the attack, DSSW implemented verified anti-ransomware software and upgraded its backup infrastructure, strengthening its defensive posture against future threats. The incident underscores the cybersecurity vulnerabilities that can affect organizations handling personal data and the importance of layered security measures, including data segregation and robust backup systems. DSSW's post-incident enhancements reflect a commitment to improving its security controls following a significant disruption.