DISH breach impacts 296k victims, driver’s license numbers exposed


DISH, a US satellite broadcast provider, has begun notifying over 296,000 employees and their family members that a ransomware attack exposed their personal data, including driver’s license numbers. The notification letter also hints that the company paid the ransom.

The satellite comms company sent breach notification letters to affected customers detailing the attack, which resulted in attackers taking sensitive employee-related data.

The company confirmed the attack to Cybernews earlier this year, describing it as “a cybersecurity incident that has affected some of our internal communications, customer call centers, and internet sites.” However, the breach notification letter indicates customer data was not compromised.

“We have since determined that our customer databases were not accessed in this incident. However, we have confirmed that certain employee-related records and personal information (along with information of some former employees, family members and a limited number of other individuals) were among the data extracted,” DISH’s letter said.

Information that DISH provided to the Maine Attorney General shows that the data breach impacted over 296,000 people. The company informed Maine authorities that threat actors acquired victims’ “names or other personal identifiers,” along with driver’s license numbers or other non-driver ID card numbers.

Cybercriminals can use personal information to commit fraud, from identity theft and phishing attacks to opening new credit accounts, making unauthorized purchases, or obtaining loans under false pretenses.

After the breach, DISH filed a formal report with the Securities and Exchange Commission (SEC), as required by law, confirming that the cybersecurity incident was a ransomware attack.

The company believes the attack happened on February 23rd, yet DISH became aware of unauthorized access to its systems only on February 27th. The comms firm said it took until May 8th to sort out what type of data was exposed and who was affected by the attack.

Interestingly, the company’s letter to breach victims states that DISH “received confirmation that the extracted data has been deleted.” That strongly points to the company paying the ransom, as attackers generally promise to provide a decryptor and delete data they stole after victims pay up.

Cybersecurity experts advise against succumbing to criminals’ demands since organizations that do so are often targeted with subsequent attacks. The FBI and law enforcement agencies are also against ransomware payments.

DISH said it would offer all potentially affected users credit monitoring services and would monitor the dark web, where stolen data usually ends up, for evidence that the extracted data has been misused.

DISH provides services for 19 million customers under its subsidiaries, including DISH TV network, Sling TV, and wireless carrier Boost Mobile. The company employs around 16,000 staff and enjoyed over $17 billion in revenue last year.