Investors in Dish Network have filed multiple class action securities lawsuits, alleging the pay TV provider made “materially false and misleading statements” about its cybersecurity posture.
The action relates to investors who acquired securities in the firm between February 22 2021 and February 27 2023.
Read more on data breach lawsuits: Marriott Hit by Another Class Action Lawsuit After Breach.
According to one of the law firms involved, Bernstein Liebhard, the plaintiffs are alleging that Dish Network failed to disclose that:
- It overstated its operational efficiency and maintained a “deficient cybersecurity and information technology infrastructure”
- It was unable to properly secure customer data, leaving it vulnerable to malicious third parties
- Security deficiencies rendered its operations susceptible to major service outages and negatively impacted incident response
The Colorado-headquartered firm, which also owns wireless service provider Boost Mobile and streaming provider Sling, claimed on February 24 that a “network outage” was behind an incident in which its websites and apps stopped working and call center phone lines went down.
Four days later it confirmed that a security incident was the cause of the outages. Ransomware was finally confirmed as the cause in an SEC filing a few days later.
That filing also claimed that data, potentially including customers’ personal information, was also taken during the incident.
Several other law firms are representing plaintiffs in the case, including The Rosen Law Firm, Levi & Korsinsky, and Bragar Eagel & Squire. The case highlights the potential financial, reputational and legal risks facing firms following a security breach.
Lawsuits like this can add significantly to potential post-breach costs. IBM calculates the average global cost of a data breach to be nearly $4.4m today, a record high. However, it is more than twice as large in the US ($9.4m).