Satellite television provider Dish Network acknowledges in an 8-K Securities and Exchange filing dated February 28, 2023, that it was hit by a cyberattack recently involving exfiltration of “certain” but unidentified data.
The incident, which Dish said it became aware of on February 23, 2023, but did not identify as a cyberattack, shut down the company’s internal communications, customer call centers and internet sites. At this point, Dish does not know the full extent of the damage but suspects some customer information may have been lifted. Dish TV is still up and running, officials said.
What is Dish Saying?
Dish initially blamed the outages on a glitch with its virtual private network (VPN), according to reports. However, in a subsequent statement the company acknowledged the cyber incident:
"We immediately activated our incident response and business continuity plans to contain, assess and remediate the situation. We retained the services of cybersecurity experts and outside advisors to assist in the evaluation of the situation, and we notified appropriate law enforcement authorities."
Dish has yet to say when it expects to be fully operational. There’s been no word so far from Dish about how long the attackers were inside its networks nor has the company labeled the infection specifically a ransomware attack.
In addition, Dish has not provided any details about what cyber crew may have been behind the attack. It didn’t say if a ransom note was left, how much was demanded and if the company had paid it. It did say that it is "making progress on the customer service front" but it will take a "little time before things are fully restored."
In the 8-K filing, Dish stated:
“On February 23, 2023, DISH Network Corporation (the “Corporation”) announced on its earnings call that the Corporation had experienced a network outage that affected internal servers and IT telephony. The Corporation immediately activated its incident response and business continuity plans designed to contain, assess and remediate the situation."
Without directly saying so, Dish appears to have engaged managed security service providers or other third-party providers to help with its forensic analysis as well as law enforcement authorities.
As for the data exfiltration:
“On February 27, 2023, the Corporation became aware that certain data was extracted from the Corporation’s IT systems as part of this incident. It is possible the investigation will reveal that the extracted data includes personal information. The measures described above are continuing while the Corporation, with the assistance of third-party experts and advisors, investigates the extent of the cyber-security incident.
"The forensic investigation and assessment of the impact of this incident is ongoing. DISH, Sling and our wireless and data networks remain operational; however the Corporation’s internal communications, customer call centers and internet sites have been affected. The Corporation is actively engaged in restoring the affected systems and is making steady progress.”
Ironically, the outage occurred as the company was about to release its earnings for the fourth quarter and fiscal year 2022. On its February 23 earnings call, Dish chief executive Erik Carlson said the company was experiencing an “internal outage that’s continuing to affect our internal servers and IT telephony.” He confirmed that “internal communications, customer care functions and Internet sites” were non operational but he did not admit that the cause was a cyber attack.
The Colorado-based company’s stock price has fallen 20% since it first reported the incident.