Telecom company Dish confirms data breach impacting 300,000 individuals

US television and direct-broadcast satellite provider Dish Network has disclosed a security incident that led to the theft of personal data of 296,851 individuals.

The notice comes after a ransomware attack, claimed by the Black Basta ransomware crew, hit the telecoms provider in February 2023.

“As you may know, DISH announced a cybersecurity incident in late February that affected our internal servers and IT telephony and involved the extraction of certain data from our IT systems,” the company said in a sample letter submitted to the Maine Attorney General's breach notification website.

While the letter offers no particularities of the data that may have been compromised in the attack, the Maine filing mentions driver's licenses and non-driver ID card numbers belonging to former and current Dish employees and family members.

No customer information was accessed or stolen.

“We have since determined that our customer databases were not accessed in this incident,” the company explained. “However, we have confirmed that certain employee-related records and personal information (along with information of some former employees, family members and a limited number of other individuals) were among the data extracted.”

Dish was adamant that there have been no signs of misuse and that they have personally received confirmation that all the extracted data has been deleted.

“We have since determined that the extracted data includes some of your personal information,” Dish reported. “We are not aware of any misuse of your information, and we have received confirmation that the extracted data has been deleted.”

While the above statement can be interpreted as confirmation that the telecom company paid the attackers’ ransom demands, it does not guarantee that threat actors will not use the stolen information against victims.

Security specialists and the FBI never recommend paying a ransomware demand, as it only gives malicious actors more leverage and incentives to wage further attacks against businesses. Moreover, giving in to their demands is never a bulletproof solution, as it doesn’t guarantee the deletion of any sensitive information or getting the compromised systems back online.

In response to the breach, Dish is offering credit monitoring for individuals whose personal information was accessed by attackers.

Personally identifiable information such as driver’s licenses or any other form of ID can be used in a variety of identity crimes, including driver’s license fraud, synthetic identity theft and even mail fraud.

Data breach notices that lack comprehensive consumer-facing details on how to protect against potential risks are becoming more frequent. The lack of actionable information can even deter individuals from taking the precautions needed to tackle threats to their identity and financial wellbeing.

Bitdefender Identity Theft Protection can help you address all risks towards your identity with 24/7 identity monitoring to detect if and when your data ends up on the dark web, and it watches out for any fraud attempts including change-of-address requests, account takeover attacks and more. Subscribers also get an easy way to check out their credit score or order a credit freeze in case of compromise, plus up to a $2 million identity theft recovery plan and access to a dedicated resolution specialist.