Dish Network says the February ransomware attack impacted +300,000 individuals

Satellite TV giant Dish Network disclosed a data breach after the February ransomware attack and started notifying impacted individuals.

The American satellite broadcast provider Dish Network went offline on February 24, 2023, the outage impacted Dish.com, Dish Anywhere app, and many other services owned by the company.

In early February, the company admitted that the outage was caused by a ransomware attack.

According to BleepingComputer, the company was a victim of the Black Basta ransomware operation.

The threat actors initially compromised the company’s Windows domain controllers and then encrypted the VMware ESXi servers and backups.

Now the Satellite TV giant has started notifying the impacted 296,851 individuals. The company pointed out that there is no evidence of misuse of stolen information and confirmed that its customer databases were not accessed. Threat actors had access to certain employee-related records and personal information.

“We have since determined that the extracted data includes some of your personal information. We are not aware of any misuse of your information, and we have received confirmation that the extracted data has been deleted.” reads the data breach notification letter sent to the impacted individuals and shared with the Maine Attorney General. “Nevertheless, we are writing to notify you of this incident and to provide you with the information and resources contained in this letter, including the details of an offer for free credit monitoring through our vendor TransUnion.”

The above statement also suggests that the company paid a ransom to avoid their data being leaked online, in fact, it highlights that it has received confirmation that the extracted data has been
delete.

“We have since determined that our customer databases were not accessed in this incident. However, we have confirmed that certain employee-related records and personal information (along with information of some former employees, family members and a limited number of other individuals) were among the data extracted.” continues the letter.

The company recommends the impacted individuals regularly review their account statements and credit history for any suspicious activity and remain vigilant against threats of identity theft or fraud;

Individuals that suspect they are the victim of fraudulent activities are urged to contact their local police.

We are in the final

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Dish)