Dish says ransomware gang stole almost 300,000 employee records

U.S. satellite television giant Dish has confirmed that hackers stole the personal information of almost 300,000 individuals during a February ransomware attack.

In a data breach notification filed with Maine’s attorney general last week, Dish said that while customer databases were unaffected by the incident, hackers accessed hundreds of thousands of employee-related records during the cyberattack. Dish, which currently employs around 16,000 people, said that former employees, employees’ family members and a “limited number of other individuals” were affected by the breach.

This long-awaited data breach notice comes months after Dish confirmed that hackers had exfiltrated data from its systems during the cybersecurity incident without revealing whether customers or employees were affected.

Dish’s data breach notification confirms that hackers also accessed driver’s license numbers and other forms of identification. When reached by TechCrunch, Dish spokesperson Edward Wietecha declined to comment or confirm what types of data were accessed.

In its letter sent to those affected, Dish notes that it has “received confirmation that the extracted data has been deleted.” It’s not uncommon for affected organizations to pay a ransom to limit the spread of stolen data, particularly in double-extortion schemes, whereby hackers threaten to publish stolen data if a payment isn’t made. Researchers have long noted that ransomware gangs do not always delete the stolen data as claimed.

Dish has also not yet been added to the dark web leak site of the Russia-linked Black Basta ransomware gang — allegedly behind the cyberattack — another sign that the company may have negotiated with the attackers. Black Basta is also said to be behind the recent attack on British outsourcing giant Capita.

When asked, Dish’s spokesperson would not say if the company had paid a ransom but did not dispute the claim.

Dish’s ransomware incident first came to light in late February after customers complained about a prolonged outage that prevented them from accessing streams, services or their accounts. While Dish confirmed that ransomware was the cause of the multi-day outage days later, TechCrunch learned that the company had kept both customers and employees in the dark about the incident and the safety of their data.