DISH Network Announces Large-Scale Data Breach Affecting Nearly 300,000

• DISH Network L.L.C. announced a significant data breach that occurred in February 2023, affecting nearly 300,000 individuals. The breach, involving external system hacking, resulted in the extraction of personal information including names and driver’s license numbers.
• In response to the breach, DISH has provided free two-year credit monitoring services through TransUnion, begun online and dark web surveillance, and is taking additional proactive measures to enhance its cybersecurity defenses and system security. The company has confirmed that the extracted data has been deleted, with no evidence of misuse or public exposure of the stolen information.

ENGLEWOOD, Colorado – DISH Network L.L.C., a leading telecommunications company, announced today a substantial data breach that affected nearly 300,000 individuals. The breach, which took place between February 22nd and 23rd, 2023, was identified by the company on May 8th, 2023.

According to the company’s shareholder Lori Kalani from Cozen O’Connor LLP, the breach involved an external system hacking incident. Sensitive personal information, including names, driver’s license numbers or non-driver identification card numbers, was extracted from the company’s IT systems.

Despite the massive breach, DISH maintains that the company’s customer databases were not accessed. Instead, the breach primarily impacted employee-related records and personal information, including those of some former employees, family members, and a limited number of other individuals.

Upon discovering the breach, DISH activated its incident response and business continuity plans. They moved quickly to prevent further access to the compromised systems, temporarily shutting down the internal network. Cyber-security experts and outside advisors were brought in to evaluate the situation, and the company has since notified the appropriate law enforcement authorities.

Following extensive investigation and evaluation, DISH received confirmation that the extracted data has been deleted, alleviating some concerns about potential misuse of the personal information.

DISH has begun the process of contacting those affected by the data breach. The company has also extended an offer of free credit monitoring for two years through TransUnion, regardless of the individuals’ residential locations. Affected persons have until August 31, 2023, to enroll in this service.

In the aftermath of this cybersecurity incident, DISH is conducting online monitoring and dark web scanning. Initial results from this surveillance corroborate the confirmation that the extracted data has been deleted. No evidence of the misuse of any personal information has been found, including any signs of it being published, traded, or sold.