Dish told employees it was “investigating a cybersecurity incident” and was “aware that some data was extracted” from its IT systems as a result of the incident, according to an internal email sent by the CEO Erik Carlson and obtained by The edge. It comes on the fifth day of an internal outage that took down some of the company’s internal networks, customer support systems and websites such as boostinfinite.com and dish.com.
The email does not contain any details as to whether the data was internal Dish information or customer data, although it does state that “investigation may reveal that the extracted data includes personal information.” The extent of the leak may not yet be fully known, as the email, sent Tuesday morning, says the company is “working around the clock to understand the issue and restore affected systems as quickly as possible.” possible” and that she has “limited information at this time.”
Dish hasn’t publicly shared much information about the incident since Friday afternoon, when Carlson mentioned it during an earnings call, and he hasn’t responded to multiple requests for comment from The edge. MarketWatch reported Tuesday morning that Dish had confirmed the cyberattack via a securities filing. The filing notes that the company only learned of the data exfiltration on Monday and that it is working with “third-party experts and advisors.”
The outage impacted both customers and employees. Dish subscribers, as well as Boost Infinite and Boost Mobile users, were unable to contact customer support to activate new equipment, cancel their service, or even make a payment in some cases. Dish currently has a skeleton version of its main website that directs users seeking support to an FAQ page and some basic troubleshooting steps.
A Dish employee said The edge that management expects them to work overtime to clear the support backlog when the systems are back online. They also said teams should be on standby as they should start taking calls within an hour of systems being restored. “I’ll be honest, I’m not looking forward to it,” they said.
Several employees said The edge that they are paid during the outage even if they cannot work, although this is not necessarily the case for everyone. A source who works for a regional service provider under contract to install Dish systems said management was “trying to find a way to pay us for this unpaid time off” but it wasn’t a sure thing. “I hope Dish will do something about this because a lot of us are paid check to check and can’t afford this time off,” they said.
“I wish they would shed more light on the situation.”
Some employees noted that the company has been slow to share updates and information, even internally. “I wish they would shed more light on the situation,” one person said, while another said their manager’s method of communicating with daily one-line updates was “so weird “. (Some Dish employees can’t access their emails due to the VPN outage and are relying on site management communications.) This last employee said the first definitive thing they heard about a cyberattack was when I asked them about Carlson’s email and they found a story through CNBC.
There does not currently appear to be an ETA on when Dish’s systems will be operational again, either from the company itself or in internal communications. Some employees report receiving estimates, but they do not appear to be based on official company policy.