Executives at Dish Network on Monday provided an update on the cybersecurity incident that crippled the company’s internal networks three months ago.
The update was delivered as part of Dish’s first quarter (Q1) earnings report for the year, which affirmed that customer information was not compromised as a result of the incident.
The affirmation comes about two months after Dish said it was probing the possibility that customer information was obtained during the widespread cyberattack, which caused the company’s internal systems to go offline and impacted customer support-related services.
“We have determined that our customer databases were not accessed in this incident,” a Dish executive wrote in documents filed with the Securities and Exchange Commission (SEC) on Monday. “However, we have confirmed that certain employee-related records as well as a limited number of other records containing personal information were among the data extracted.”
Dish said it was taking steps “to protect the affected records and personal information,” adding that the “extracted data has been deleted.”
“While we have no evidence that this data has been misused, we have started the process of notifying individuals whose data was extracted,” Dish said.
Related: Dish loses 550,000 customers while dealing with cyberattack
The incident happened in mid-February as Dish was set to report its fourth quarter (Q4) earnings for 2022 as well as its 12-month performance for the year.
“On February 23, we experienced a cybersecurity incident that has affected some of our internal communications, customer call centers, and internet sites,” a Dish Network spokesperson said. “We immediately activated our incident response and business continuity plans to contain, assess and remediate the situation. We retained the services of cybersecurity experts and outside advisors to assist in the evaluation of the situation, and we notified appropriate law enforcement authorities.”
Customers who couldn’t pay their bills online weren’t charged late fees, nor did they have their service canceled as a result of non-payment. A Dish spokesperson said the company mailed bills to customers during the incident.
Dish was the fourth known media or broadcast company to be hit with a cyberattack in the last two years. In late January, a ransomware attack crippled computer systems used by Skyview Networks, which impacted that company’s ability to provide syndicated radio programming and news bulletins to hundreds of radio stations in the United States.
Late last year, a cybersecurity incident impacted streaming television service Fubo TV during the World Cup soccer tournament, leaving some customers unable to watch certain matches that were being aired on Fox and Telemundo.
In June 2021, a ransomware attack against several Cox Media-owned broadcast stations made it difficult for local news broadcasts to air.