DISH Ransomware Attack Impacted Nearly 300,000 People
Last week, American satellite TV giant DISH Network notified the Maine Attorney General regarding a data breach and provided a copy of the notification letter sent to affected individuals. According to the company's report to authorities, the incident involved over 296,000 current and former employees, their family members, and a limited number of other individuals. Allegedly, customer databases were not accessed in the incident.
The security incident initially came to the forefront in late February, when several DISH services, including its websites and applications, became inaccessible. Following an investigation, the company confirmed that the outage resulted from a cyber attack. At the time, DISH did not confirm whether customer or employee data had been exfiltrated in the attack.
While not confirmed, it is implied that DISH Network has paid a ransom by stating they "received confirmation that the extracted data has been deleted." Ransomware groups typically delete data or provide a decryption key only after a ransom has been paid. Therefore, it is highly unlikely that DISH could have received confirmation of data deletion without making any payment.
The Russia-linked Black Basta gang, who were allegedly behind the attack, have also not updated their data leak site with DISH. This is another potential sign that DISH gave into demands and paid a ransom to prevent the spread of data.
Employees and customers of DISH have been waiting three months to receive any insight into whether their potentially sensitive information was stolen. Notification letters were only sent to affected individuals as of May 15th. This notification revealed that hackers had access to driver's license numbers and other forms of identification, though DISH has stated that there is no evidence of this data being actively exploited.
Regardless, the company is taking precautionary measures. DISH is offering free credit monitoring services to affected individuals and scanning the dark web to keep an eye out for stolen data resurfacing. They are also performing online monitoring to ensure that any stolen information isn’t being sold or misused, despite the stolen data being allegedly deleted.