Dish Network has been slapped with multiple class action lawsuits after it suffered a ransomware incident that was behind the company's multi-day "network outage."
These class action lawsuits, filed across different states, allege that DISH "overstated" its operational efficiency while having a deficient cybersecurity and IT infrastructure. The legal actions aim to recover losses faced by DISH investors who were adversely affected by what has been dubbed a "securities fraud."
Dish sued after ransomware incident
At least six law firms are pursuing a class action lawsuit against Dish and seeking to recover losses for Dish shareholders who were adversely affected by the alleged "securities fraud" from February 22, 2021 to February 27, 2023.
The civil complaint alleges that DISH Network attempted to conceal the fact that it maintained "deficient" cybersecurity and IT infrastructure while overstating its operational efficiency.
"...As a result of the foregoing, the Company was unable to properly secure customer data, leaving it vulnerable to access by malicious third parties," states a court complaint filed in the U.S. District Court of Colorado.
Firms representing the plaintiffs include Rosen Law Firm, Levi & Korsinsky, New York-based Law Offices of Vincent Wong, San Diego-based Robins LLP, Bragar Eagel & Squire, P.C., as well as, Bernstein Liebhard LLP.
"The foregoing cybersecurity deficiencies also both rendered Dish's operations susceptible to widespread service outages and hindered the Company's ability to respond to such outages; and... as a result, the company's public statements were materially false and misleading at all relevant times," alleges the complaint.
Dish stock crumbled after cyber attack
Around February 24th, American TV giant and satellite broadcast provider, DISH had mysteriously gone offline with its websites and apps ceasing to function for days. What the company had previously dubbed a "network outage," also hit its subsidiaries, including Boost Mobile.
During this time, multiple DISH employees and associates reached out to BleepingComputer sharing details on what appeared to be a cyber attack at the time.
On February 28th, in an SEC filing first spotted by BleepingComputer, DISH ultimately confirmed it had been hit by a ransomware attack.
In days following the disclosure, DISH continued to struggle bringing its IT systems and the website, Dish.com back up:
Following the news of Dish ransomware attack, the Network's stock price fell $0.79 per share, "or 6.48%, to close at $11.41 per share on February 28, 2023," states the complaint.
The company has since continued to battle the widespread disruption to its cyber systems, including the customer portal MyDISH. As a result, the company is advising its customers that they will be receiving a paper bill for the month of March [1, 2].
Investors who suffered a loss because of DISH's alleged negligence have until May 22, 2023 to join the class of plaintiffs.
Update, April 1st, 2023 08:25 AM ET: Added an additional law firm's name involved in the litigation.
Comments
sun-devil99 - 1 year ago
These lawsuits claim "DISH "overstated" its operational efficiency". Perhaps for their website, customer support and secondary services (Dish Anywhere/Boost Mobile). However, those of us who subscribed and used just the core "Dish" service for TV we never lost service. Now, we don't use Dish Anywhere App or a were subscribers to Boost Mobile or HBO Max or even tried to use DiSH service to validate for another streaming service. . It was only a few days before the "attack" that we had made programing changes.
What exactly is "deficient" cybersecurity? Is there a standard? In the past couple years it seems many companies, organization, our family doctor's practice and even the US Government (FBI) have had cyber security incidents on their networks. Cyber Security Incidents just don't have the 'stigma' that they used to as people are so use to them occurring they've gone numb and don't really pay attention to them anymore. If anything people think when a cyber security incident affects them it just mean 'another free-year of credit /ID monitoring!' service (which they likely never use).
The US doesn't have the "tough' laws such as the EU's 'This Site Uses Cookies Law' aka GDPR. Not living in EU, not sure how effective GDPR has been in getting companies to do everything in their power to thwart Cyber Security Incident....it has though made everyone in the world annoyed with 'cookies banners'.
ThomasMann - 1 year ago
To answer your question: "cybersecurity" is cybersecurity is cybersecurity. Or rather not "is", but "would/should be"
And it does not exist, as even you admit between the lines.
Even if the majority of the clowns that are paid to provide it were a lot less incompetent, it stll could not exist.
People who really think about this subject find it unfathomable how large parts of societies and most states are handled by a technique that is in itself per definition never safe...
Many people are looking very much forward to the first truly major crash this will one day cause. The question has for a long time no longer been if, but only when. I very much enjoy watching this movie.... because it happens to be like this::
"It is very difficult to get someone to understand something, when their salary depends upon his not understanding it." Upton Sinclair