Dish Network data breach: What to do if you’ve been affected


This article is a preview of The Tech Friend newsletter. Sign up here to get it in your inbox every Tuesday and Friday.

About six weeks ago, hackers crippled the computer systems of the TV and mobile phone provider Dish Network. The company said crooks might have stolen personal information about Dish, Sling TV and Boost Mobile customers.

Weeks later, some customers were still howling that they couldn’t watch streaming services, pay their bills or cancel service. People have complained about customer service wait times that stretched to 14 hours, NBC News reported.

Dish said in a statement last week that it has restored many of the systems hit in the cyberattack. Customers are still picking up the pieces.

If you’re one of the millions of Americans caught up in this mess, I’m sorry. Through no fault of your own, this might have cost you money, time and aggravation — and put you at risk of identity theft.

It is not acceptable for crooks to steal your data and for services that you rely on to fail. And it is not okay for companies to keep you in the dark.

For Dish customers, I have practical steps you can take to protect yourself and try to extract retribution — although that won’t be easy. (Dish Network didn’t respond to my questions.)

One thing I learned: There still isn’t a straightforward process to follow when data breaches and tech service failures happen to you. It feels like a maddening quest you have to figure out on your own.

Consumer advocacy groups and government agencies could do a better job giving you one spot where you can safeguard your stolen information, demand action from state and federal enforcers, and potentially ask lawmakers to pass stronger privacy and cybersecurity laws that might prevent another Dish fiasco.

Here’s what you can do if you’re a Dish, Sling TV or Boost Mobile customer:

1. Watch your accounts carefully.

You should assume that the thieves who broke into Dish’s systems stole your information, including your name, contact details and financial account information.

The risk is that a bad guy who has your personal details might open a credit card or take out a car loan in your name. Or a thief might commit unemployment insurance fraud with your information or steal your tax refund.

Dish, Sling TV and Boost customers need to be on alert for anything that seems fishy. It’s unfair, but personal vigilance is your best defense.

If you receive a text about phone service you didn’t order, a bill from an unfamiliar doctor or a notice about an application for government benefits that you didn’t make, alarm bells should go off. Someone might be impersonating you.

Read more: Being paranoid is your best protection from fraud

2. Check your credit reports. Consider freezing your credit.

Reading your credit report from each of the three major credit rating companies can tip you off if someone opens a bank account or takes out a car loan with your stolen information.

Usually you are legally entitled to access your credit reports once a year for free. Until the end of 2023, it’s free once a week.

Ask for your credit reports from Equifax, Experian and TransUnion at

Please don’t do a web search for “free credit report.” Search results are a minefield for credit-related terms.

You can also block companies from accessing your credit reports — also known as a credit freeze.

This discourages crooks from using your personal information on loans or job applications. It also makes it cumbersome for you to do the same. And credit freezes aren’t ironclad protection.

You need to set up an account to freeze credit separately with each credit bureau. Follow the links for Equifax, Experian and TransUnion. It’s free. Credit monitoring is not.

Read more: The pros and cons of credit freezes vs. credit monitoring

3. Change passwords that are the same as your Dish account

If you use the same password for Sling TV and Instagram, thieves now have the information they might need to take over your Instagram account.

If you think you reused the same password from your Dish, Sling TV or Boost Mobile accounts anywhere else online, change those passwords right now.

You might also consider canceling your credit card or contacting your bank to create a new account number if that info was saved in your Dish account.

Read more: Hacks and data breaches are all too common. Here’s what to do if you’re affected.

4. Keep records of what you’ve done to pick up the pieces

Consumer advocates said you should take notes and keep documents of communications with Dish and what you’ve done to recover from the cyberattack. Keep receipts if you’ve signed up for credit alerts or freezes.

These records could help you in legal cases or regulatory investigations.

If you want a resolution from Dish — such as reimbursement for service you couldn’t access or to pay for your credit monitoring— consider filing a complaint with the Better Business Bureau.

Melanie McGovern with the International Association of Better Business Bureaus said that the organization encourages people to try to resolve an issue directly with a company.

If you haven’t been able to, the Better Business Bureau can be a go-between. Dish has historically been responsive to Better Business Bureau complaints, McGovern said.

(Let me know about your experience with Dish Network and this cyberattack at

5. Complain to the FTC and FCC

The Federal Trade Commission is responsible for enforcing data privacy laws. If you’re a Dish, Sling or Boost customer, you should file a fraud complaint with the FTC. Do it even if you’re not sure whether your personal information was stolen.

Choose the option for “Phone, internet, TV service” and then in the next step, select “privacy or data security concern.” Follow the prompts, skip the questions about money lost in a scam, and put your complaint in the “comments” field.

You might say at a minimum: Dish Network said my personal information may have been compromised in a cyberattack.

The Federal Communications Commission is the government watchdog for TV and phone companies. File a complaint with the FCC here.

Also, search online for the name of your state plus “attorney general consumer protection complaint.” State regulators may also be interested in the Dish data breach or how the company treated customers.

Complaining to these agencies won’t fix your problems with Dish. But you still want regulators to investigate and try to assign blame for what happened.

Maybe you’ll get money if regulators decide Dish did something wrong, although that process could take years.

My phone, my credit card, my hacker and me. (Business Insider)

Is your iPhone weather app not working right now? Yeah, it has been busted for some people. (Apple system status) Here are other great weather apps — and forecast accuracy is essentially all the same. (Washington Post)

I know everything about the cyberattack of Dish and other companies is grim. But there is a teeny silver lining.

U.S. states and the Securities and Exchange Commission now require companies to disclose quickly if they believe digital crooks stole your personal information. This is progress.

When hackers stole personal data on more than 140 million Americans from Equifax in 2017, it took the credit reporting company about six weeks to disclose it. Uber kept quiet for more than a year about a 2016 theft of personal details of drivers and passengers.

Dish seems to have fessed up to its cyberattack fairly quickly — in a potential sign that the tougher rules for security breach disclosures are working.

It’s not clear, though, that Dish’s cyberattack news reached the people who matter most: Dish’s customers. I’ll repeat. What happened to you is unfair.

Add a Comment

Your email address will not be published. Required fields are marked *