Dish confirms 300,000 people's data was exposed in February's attack Dish Network has admitted that a February cybersecurity incident and associated multi-day outage led to the extraction of data on nearly 300,000 people, while also appearing to indirectly admit it may have paid cybercriminals to delete said data. Dish customers can rest easy, at the very least, as the telco said in a sample …
Oh goody, more free credit monitoring! Hooray!
I'm starting to wonder if there's any backroom deals between TransUnion/Equifax/Experian and some of these ransomware gangs, but that gives me flashbacks to when we wondered similarly semi-cynical thoughts about AV vendors secretly generating and propagating malware.
Quote
"We have received confirmation that the extracted data has been deleted," Dish said, adding that it has been monitoring the dark web and criminal forums for signs the data is available online. "The results of the monitoring are consistent with the confirmation that the extracted data has been deleted," it added.
The only people who could possibly delete it are the people who stole it in the first place, and DISH believes them, OK well, stranger things have happened, no?
And that assumes that said actors didn’t sell what they had extracted to another party before deleting it, no?
I’ll give it 18 months at most before this data starts appearing all over the place; prime phishing material, no?
OK now what actually needs to happen in cases such as this?* Firstly senior management at DISH (or any other company), need to be looking at jail time, not company fines, not half felt apologies, but whoever was CTO and CEO at DISH at the time, needs to be handcuffed and dragged out of their home (ideally with the world’s press in attendance to record it), on the grounds that they were, well, fucking incompetent and as such compromised the details for a lot of people.
In fact maybe every single investor in DISH needs to be hit with a (small) fine, On the grounds that you want the rewards when it works, (fair enough), take the rap when the people in charge (which as investors, you are responsible for), fuck up!
*Yes, of course I know this won’t ever happen, it not being the way the system works. One day though, maybe?
In fact maybe every single investor in DISH needs to be hit
Other way around. (If it was paid) then the investors should purge all directors who knew about it and take the ones responsible to court for misappropriation of company funds. It's a publicly traded company half owned by institutional investors, there's no way they would have okayed a ransom-for-delete policy even if they gave the nod for ransoms in other scenarios. If it's been covered by an insurance company then the investors of that company should do likewise.
I'm a bit less quick to jump to conclusions though. It's possible they've been tipped off by a - most likely state backed - hack-back group who compromised Black Basta well enough to have confidence a counter-attack deleted the data before it was copied on.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
