Data storage giant Western Digital (Western Digital) was hacked in March this year, the attackers claimed to have stolen about 10 terabytes of important data, including a large amount of customer information and urged Western Digital to start negotiations, demanding a ransom of at least eight figures.
Western Digital issued an official announcement on May 5, acknowledging that a “third party” had accessed a database containing information about Western Digital’s online store, and the announcement as follows:
On March 26, 2023, we discovered a cybersecurity incident in which an unauthorized third party gained access to multiple company systems.
On April 2, 2023, we implemented incident response efforts following the discovery of this incident and initiated an investigation with the assistance of security industry experts. This investigation is ongoing and includes analysis to understand the nature and extent of the data obtained by unauthorized parties.
As a precautionary measure to protect our business operations, the company proactively disconnected its systems and services from the public Internet. We are gradually completing the recovery process, and most of the affected systems and services are now operational. Our facilities have been operating throughout the incident and are shipping products to meet customer demand. Although initially impacted by our proactive measures, My Cloud services have been restored as of April 13, 2023. Account access to the Western Digital Online Store was also impacted and is expected to be restored the week of May 15, 2023.
We have worked with outside forensic experts to confirm that an unauthorized party obtained a copy of the database used for our online store, which contains some personal information of online store customers. This information included customer names, billing and shipping addresses, email addresses, and phone numbers. In addition, the database contains hashed and obfuscated passwords in encrypted format and some credit card numbers. We will communicate directly with affected customers.
Regarding reports of possible fraudulent use of digital signature technology allegedly belonging to Western Digital in consumer products, we have control over the digital certificate infrastructure. We can revoke certificates as needed if precautions need to be taken to protect customers.
