DISA discloses that the breach included customer Social Security number and other sensitive financial data.