The CEO of Dish claims that data was stolen in a cyberattack that shut down systems for days

According to an internal email sent by CEO Erik Carlson and obtained by The Verge, Dish has informed employees that it is “aware that certain data was extracted” from its IT systems as a result of this incident and that it is “investigating a cybersecurity incident.” This occurs on the fifth day of an internal outage that has shut down some of the company’s internal networks, customer support systems, and websites like dish.com and boostinfinite.com.

Although “it’s possible the investigation will reveal that the extracted data includes personal information,” the email does not specify whether the data was internal Dish information or customer data. The company’s Tuesday morning email states that it is “working around the clock to understand the issue and restore affected systems as quickly as possible” and that it has “limited information at this time,” suggesting that the scope of the leak may not yet be fully understood.

Since Carlson mentioned the incident on an earnings call on Friday afternoon, Dish has not provided much information to the public and has not responded to multiple requests for comment from The Verge. Dish’s securities filing confirmed the cyberattack, MarketWatch reported Tuesday morning. According to the filing, the business only discovered the data exfiltration on Monday and is collaborating with “third-party experts and advisors.”

Customers and employees alike have been affected by the outage. Dish endorsers, as well as Lift Limitless and Lift Portable clients, haven’t had the option to contact client service to do things like enact new gear, drop their administration, or even make an installment in certain occurrences. Dish currently has a basic version of its main website that takes users to a FAQ page and some basic troubleshooting steps for users looking for support.

When the systems come back online, one Dish employee told The Verge that management expects them to work overtime to clear the support backlog. Additionally, they stated that teams must be prepared to take calls immediately following the restoration of the systems. They stated, “I’ll be honest, I’m not looking forward to it.”

Although not all employees have confirmed to The Verge that they are receiving compensation despite being unable to work during the outage, this is not always the case. Management was “trying to find a way to pay us for this unpaid time off,” according to a source who works for a regional service provider contracted to install Dish systems, but it wasn’t a sure thing. They stated, “Many of us are living paycheck to paycheck and can’t afford this time off. I hope Dish does something about that.”

The company has been slow to share updates and information, even internally, according to some employees. One person stated, “I wish they’d give more light on the situation,” while another stated, “so bizarre” their manager’s method of communicating with one-line daily updates. Because the VPN is down, some Dish employees are relying on communication from site management to access their emails.) When I inquired about Carlson’s email, the latter employee informed me that a CNBC story was the first definitive information they had received about a cyberattack.

Dish’s systems do not appear to be back up and running at this time, either from the company or through internal communications. Some workers say they were given estimates, but it doesn’t seem like they were based on official company policy.