Ransomware, Incident Response, Breach

Dish Network lawsuits pile up after crippling ransomware attack

KIEV, UKRAINE – 2018/11/14:  In this photo illustration, the Dish Network Satellite television company logo seen displayed on a smartphone. (Photo Illustration by Igor Golovniov/SOPA Images/LightRocket via Getty Images)

Dish Network faces multiple class action lawsuits for allegedly making "materially false and misleading statements" tied to a crippling February ransomware attack

The lawsuits, filed by six law firms on behalf of individual investors, claims that Dish Network has overstated its operational efficiency and cybersecurity infrastructure resiliency since 2021. They claim Dish Network’s understatement of both resulted in financial losses to investors when the company hit with a cyberattack in February. 

The legal actions seek to recover damages for investors who purchased or acquired Dish Network securities between Feb. 22, 2021 and Feb. 27, 2023. Following the confirmation of the ransomware attack, Dish Network’s stock price slumped 6.48% to close at $11.41 per share on the same day. 

The initial attack on Feb. 24, 2023 caused widespread network outage impacting Dish Network consumer apps, websites and its internal billing systems. The company initially claimed it was "a system issue." But in a SEC filing on Feb. 28, Dish Network confirmed that the outage was a result of a ransomware attack. 

"As a result of Defendants' [Dish Network] wrongful acts and omissions, and the precipitous decline in the market value of the Company's securities, Plaintiff [investors] and other Class members have suffered significant losses and damages," stated one of the class action complaints filed with the United States District Court for the District of Colorado by Rosen Law Firm. 

That complaint alleges that Dish Network has operated its business with "fraud and deceit" misleading investors and customers starting on Feb. 22, 2021, when the company filed SEC an annual report (the "2020 10-K") with the alleged inaccurate and misleading statements about its’ security posture and readiness. 

According to the complaint, Dish Network’s incident response tied to the Feb. 23, 2023, cyberattack is evidence showing its’ 2020 10-K statement was inconsistent with its actual ability to mitigate cybersecurity incidents. In its’ 10-K, Dish Network asserted it delivers "outstanding customer service" to address customer problems quickly and effectively. 

While Dish acknowledged in the 10-K that its security measures might not be sufficient and could be vulnerable to hackers, the complaint said Dish Network’s "vague and generalized" terms fail to spell out the known specific risks associated with the deficient cybersecurity and information technology infrastructure. 

The complaint also stated the company gave investors a false image of its security capabilities by issuing several misleading press releases. For example, in a January 25 press release titled "DISH Adopts Verica's Chaos Engineering Platform to Test and Ensure Reliability of its 5G Smart Network," the company claimed that the partnership would allow its engineers to understand "the limits of its networks and software, as well as how to make improvements before an outage incident." 

"The Company's public statements were materially false and misleading at all relevant times," Rosen Law firm's complaint concluded. 

Dish did not respond to this reporter’s request for comment on this article. 

Other law firms representing the plaintiffs include Levi & Korsinsky, New York-based Law Offices of Vincent Wong, San Diego-based Robins LLP, Bragar Eagel & Squire, P.C., and Bernstein Liebhard LLP. 

Dish Network’s awful 2023, so far

On March 24, 2023, SC Media reported that Dish Network customers continued experiencing service disruption and technical issues weeks after the ransomware attack, with many complaining that they were asked to wait for more than an hour to speak to a customer service representative. 

While Dish Network’s customers have taken to social media to air frustration with the company, when SC Media called the company’s service center on Friday, we were able to quickly get through. By comparison, on March 24, when we called Dish Network customer service the wait time was 80 minutes. 

Despite lawsuits, Moody's Investors Service said that Dish Network maintains its’ original credit rating assessment. Moody explained because the cyberattack did not paralyze the company, Dish Network would remain on a “sustained basis”, meaning the current challenges will not impact the company’s long-term prognosis

Menghan Xiao

Menghan Xiao is a cybersecurity reporter at SC Media, covering software supply chain security, workforce/business, and threat intelligence. Before SC Media, Xiao studied journalism at Northwestern University, where she received a merit-based scholarship from Medill and Jack Modzelewski Scholarship Fund.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.