Dish confirms 300,000 people's data was exposed in February's attack

2023-05-23 16:43

Dish Network has admitted that a February cybersecurity incident and associated multi-day outage led to the extraction of data on nearly 300,000 people, while also appearing to indirectly admit it may have paid cybercriminals to delete said data.

Dish customers can rest easy, at the very least, as the company said in a sample letter posted to the Maine Attorney General's breach notification website that customer databases weren't accessed and the stolen data belonged instead to employees both past and present, their family members, "And a limited number of other individuals" that Dish didn't specify.

SpaceX: 5G expansion could kill US Starlink broadband Dish Network hit with $280 MEEELLION fine for relentless robocalling T-Mobile has a network, Dish has spectrum it can't use.

Dish has been generally quiet about the attack since late February, when it admitted there was an incident, filed a form with the Securities and Exchange Commission to notify it of the breach, and admitted that some internal data had been stolen without confirming what it was or from where.

Reports from February citing internal Dish sources claim the Black Basta ransomware gang was behind the break-in at Dish, and in its template letter [PDF] notifying affected individuals of the incident, the company sought to reassure recipients that there's no evidence the extracted data has been misused, and that it believes the data has been deleted.

"We have received confirmation that the extracted data has been deleted," Dish said, adding that it has been monitoring the dark web and criminal forums for signs the data is available online.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/05/23/dish_networks/

#attack