US Satellite TV giant Dish Network says a recent ransomware attack impacted almost 300,000 people, & its notification suggests a ransom has been paid.
Dish Network has started notifying the individuals whose data was compromised in a recent ransomware attack.
The company informed the US state of Maine Attorney General about the data breach last week & shared a copy of the notification letter sent to impacted people. Dish told authorities that the incident impacted over 296,000 individuals.
No Evidence
The notification letter reveals that while there is no evidence of customer databases being accessed by hackers, the stolen data does include employee-related records and personal information. This includes former employees & their family members.
The security incident emerged in late Feb., when various Dish services, including its websites & applications, became inaccessible. The company later confirmed that the outage was caused by a ransomware attack & admitted that personal information may have been stolen.
“We are not aware of any misuse of your information, & we have received confirmation that the extracted data has been deleted,” Dish is now telling impacted individuals.
Stolen Data
The fact that it has received confirmation of the stolen data being deleted suggests that it has paid a ransom to the cyber-criminals.
If, as reported, the Russia-linked Black Basta ransomware group is behind the attack, paying the ransom would explain why Dish has not been named on the cyber-criminals’ leak website.
In the letter sent to customers, Dish noted that while it has no evidence of personal data being misused, it is still offering credit monitoring services to impacted people & it’s scanning the web, including the dark web, to ensure that the stolen data doesn’t surface.