Satellite TV giant Dish Network has started notifying the individuals whose data was compromised in a recent ransomware attack.
The company informed the Maine Attorney General about the data breach last week and shared a copy of the notification letter sent to impacted people. Dish told authorities that the incident impacted more than 296,000 individuals.
The notification letter reveals that while there is no evidence of customer databases being accessed by hackers, the stolen data does include employee-related records and personal information. This includes former employees and their family members.
The security incident came to light in late February, when various Dish services, including its websites and applications, became inaccessible. The company later confirmed that the outage was caused by a ransomware attack and admitted that personal information may have been stolen.
“We are not aware of any misuse of your information, and we have received confirmation that the extracted data has been deleted,” Dish is now telling impacted individuals.
The fact that it has received confirmation of the stolen data being deleted suggests that it has paid a ransom to the cybercriminals.
If — as reported — the Russia-linked BlackBasta ransomware group is behind the attack, paying the ransom would explain why Dish has not been named on the cybercriminals’ leak website.