300,000 Affected by DISH Data Breach

Wednesday, 24 May 2023
dish.jpg

Investigations into a ransomware attack on the DISH Network in February have revealed that the intruders were able to gain access to the personal information of roughly 300,000 customers. The ransomware attack itself left DISH's internal communications systems, customer call centres and websites in disarray.

In a breach notification sent out on May 18, DISH confirmed that personal data was exfiltrated, including information pertaining to customer driver licences. The statement confirms that the attack began on February 23, and forced DISH to shut down internal systems while cybersecurity experts were called in to analyse the damage and law enforcement was notified of the situation.

"We have since determined that our customer databases were not accessed in this incident. However, we have confirmed that certain employee-related records and personal information (along with information of some former employees, family members and a limited number of other individuals) were among the data extracted," DISH said.

"The process of locating personal information in the extracted dataset and matching that information to individuals so that we could notify them was complex and time-consuming. This work was substantially completed on May 8, 2023. We then began notifying the list of persons whose personal information is confirmed to have been included."

The statement mentions that DISH has "received confirmation that the extracted data has been deleted". Alpha Safe interprets this as a tacit acknowledgement of the ransom being paid. While tempting, Alpha Safe encourages ransomware victims not to pay the ransom, and instead work with Alpha Safe staff to restore data from backups. There is no guarantee that cybercriminals will delete stolen data after a ransom has been paid, and the data can be almost untraceable once stolen.

"We are conducting online monitoring and dark web scanning, and we have no evidence the extracted data has been misused. The results of the monitoring are consistent with the confirmation that the extracted data has been deleted," the notification said. "In particular, the monitoring has not revealed any evidence that your personal information has been published, traded, sold, or otherwise misused."

As recompense, DISH is offering two years of free credit monitoring services to those affected by the data breach. However, the company is currently facing a class action lawsuit pertaining to their handling of the incident, and the statements made about the situation to the media.

Enjoyed this article? Please consider donating!
Donate
* Alpha Safe journalism is funded exclusively by your donations. We care about your online safety, so we will never display ads, as they could serve you malicious content. We also believe journalism should be available for all, and will never hide our articles behind a paywall. As such, your donation would be very much appreciated.

Most Recent

31 July 2023

Hell Pizza Suffers Credential Stuffing Attack

14 July 2023

Wellington City Council Data Breach

8 July 2023

Event Secretary Data Breach

2 July 2023

TSMC Data Breach; Hackers Demand $70m Ransom

27 June 2023

Suncor Energy hit by Giant Cyberattack

21 June 2023

Kiwis Losing $2M Every Month To Cybercriminals

18 June 2023

Eftpos Provider Smartpay Suffers Ransomware Attack

17 June 2023

Colossal Louisiana Driver Licencing Data Breach

14 June 2023

Russian Hackers Breach Ulez Database

9 June 2023

Thousands of Companies' Data Stolen Through MOVEit Flaw