DISH Network confirms 300k affected by data hack
May 23, 2023
By Chris Forrester
US pay-TV operator DISH Network has confirmed a recent ransomware attack which impacted 300,000 names, mostly employees.
The confirmation of the attack, which happened in February, emerged in legal documents submitted to Maine’s Attorney General, and stated that while customer databases were unaffected the hackers accessed employee records during the cyber-attack.
The initial attack caused widespread network outage impacting DISH Network consumer apps, websites and its internal billing systems. The company initially claimed it was “a system issue.”
The DTH operator, which currently employs nearly 16,000 people, said the data attack included current staff, their relations and a number of other individuals.
In its letter sent to those affected, DISH noted that it has “received confirmation that the extracted data has been deleted”, the report mentioned.
The consequences are now being seen. Lawsuits under ‘Class Action’ rules have now come from six law firms.
The lawsuits claim that DISH Network has overstated its operational efficiency and cybersecurity infrastructure resiliency since 2021. They claim DISH Network’s understatement of both resulted in financial losses to investors when the company hit with a cyberattack in February.
The legal actions seek to recover damages for investors who purchased or acquired DISH Network securities between February 22nd 2021 and February 27th 2023. Following the confirmation of the ransomware attack, DISH Network’s stock price slumped 6.48 per cent to close at $11.41 per share on the same day.
“As a result of Defendants’ [Dish Network] wrongful acts and omissions, and the precipitous decline in the market value of the Company’s securities, Plaintiff [investors] and other Class members have suffered significant losses and damages,” stated one of the class action complaints filed with the US District Court for the District of Colorado by Rosen Law Firm.
The writ motions alleges that DISH Network has operated its business with “fraud and deceit” misleading investors and customers starting on February 22nd 2021, when the company filed SEC an annual report (the “2020 10-K”) with the alleged inaccurate and misleading statements about its security posture and readiness.