Dish Network on Tuesday revealed that the costly ransomware attack levied against it in February compromised the data of around 300,000 individuals, mostly current and former employees, as well as their family members.
But Dish's eagerly awaited data breach disclosure to the Maine Attorney General's office reveals that the attack seems to have spared Dish's much larger current and former customer ranks, which tally in the tens of millions.
Dish currently employs around 16,000 workers. Breached data reportedly included drivers licenses numbers and other sensitive personal information.
According to a letter sent to affected individuals by Dish, obtained by TechCrunch, the satellite TV turned wireless tech company “received confirmation that the extracted data has been deleted.”
Dish revealed two weeks ago to investors that the attack cost the company around $30 million to stop and recover from. Dish has not confirmed that it has paid the ransom, but cybercrime experts say such a rendering is typically the way these matters are handled by large companies.
Dish was reportedly attacked by Black Basta, a Russian-speaking cybercrime group that has emerged quickly with its "double-extortion" scheme -- not only does it steal sensitive data from large companies using Linux-based servers, it sets up a its own black market to exploit the stolen information should the victim company not pay up.
