Back in March, I posted about a ransomware attack on the US satellite television provider – dish.com and the mess they made in communicating the incident to their thousands of customers who ad taken to social media to vent their upset with the company.
In the latest news, it seems likely that the company has now paid a ransom in order to help get them on a recovery plan.
A letter sent to affected customers alludes to the fact that a ransom has been paid by the specific wording used.
Dish has “received confirmation that the extracted data has been deleted”.
Ransomware gangs typically only remove data from their leak sites when their demands have been met, so for dish to word their letter in the way that they have suggests that a ransom has been paid.
Customer data not affected
The letter did however send some good news to customers in that Dish state that the data breach did not compromise any systems which contained customer information.
Employee data impacted
The same news however, cannot be given to employees, as Dish state that confidential records and sensitive information relating to almost 270,000 current and past employees had been compromised.
In a document filed with the Maine Attorney General, Dish identified that the breach affected 296,851 individuals, 529 of which live in Maine.
The data stolen included Names and other personal identifier information along with drivers licence numbers and non-drivers identification card numbers.
Law suits inbound
Since the February breach, Dish has been handed a number of class action law suits from affected individuals, including one in the district of Colorado stating the companies poor IT and cyber security posture as grounds for a court case.