Dish Network, a satellite television provider, recently announced that it received confirmation that data stolen in a ransomware attack last February has been deleted. The breach initially disrupted the company’s network and services on February 23, and the company later revealed that the attack affected internal servers and communications, and that personal data may have been compromised.
In a breach notification letter, Dish said that while customer databases were not accessed during the attack, certain employee-related records and personal information of former employees, family members, and a limited number of other individuals were among the data that was extracted. Stolen data included “Name or other personal identifier in combination with: Driver’s License Number or Non-Driver Identification Card Number,” according to the Office of the Maine Attorney General’s website.
Furthermore, the notification letter suggested that Dish paid the ransom. Ransomware gangs typically delete stolen data or provide a decryption key only after the victim pays an extortion fee. However, Dish Network has not responded to TechTarget Editorial’s inquiry about whether it paid the ransom and how it confirmed that cybercriminals deleted the data stolen in the attack.
This is not the first time that a company has referenced the deletion of stolen data in a breach notification. When digital marketing platform WordFly suffered a ransomware attack in July 2022, the company published a FAQ indicating that it had paid a ransom in exchange for the threat actors deleting stolen customer data. The company’s business development director, Kirk Bentley, wrote in the FAQ that “as of the evening of July 15, 2022, that data has been deleted from the bad actor’s possession.”
Dish notified affected customers of the breach and also offered them free credit monitoring services through its vendor TransUnion. The company stated that it was not aware of any misuse of the extracted data, but it felt it was necessary to inform customers about the incident.
The incident highlights the importance of ransomware preparedness for businesses. Companies should implement proper cyber security measures such as data backups, user training, and multi-factor authentication to prevent malware from infiltrating the network, especially since ransomware attacks have been on the rise in the past year.
Furthermore, companies must also have a response plan in place in case of a ransomware attack. It is critical to have an incident response team that can quickly identify the extent of the attack and take immediate action to mitigate the damage. Having an experienced incident response team can help minimize the impact of the attack and increase the likelihood of recovering stolen data.
The recent breach suffered by Dish Network highlights the need for businesses to take ransomware attacks seriously. Companies should prioritize cybersecurity and ransomware preparedness to protect their networks and sensitive information from threat actors.