Western Digital Confirms Customer Data Stolen in Ransomware Attack

Kamso Oguejiofor-Abugu Kamso Oguejiofor-Abugu Writer

Western Digital, a digital storage company, has confirmed that an unauthorized third party breached its systems on March 26 and gained access to some of the company’s systems. The company disconnected its systems and services in early April as a safety measure and informed customers about the breach.

“On April 2, 2023, we disclosed that upon discovery of this incident, we implemented incident response efforts and initiated an investigation with the assistance of leading security industry experts,” a press release from Western Digital read. “This investigation is underway and includes analysis to understand the nature and scope of data obtained by the unauthorized party.”

A ransomware group known as Alphv/BlackCat started leaking screenshots of video calls, emails, and internal documents discussing the attack, while threatening to go public with personal information, firmware, code signing certificates, and intellectual property if Western Digital doesn’t pay the ransom.

In the press release, Western Digital confirmed that the hackers had accessed a database the company uses for its online store, which contained customers’ personal information, including names, billing and shipping addresses, phone numbers, email addresses, hashed and salted passwords, and partial credit card numbers.

Western Digital’s factories have remained operational throughout the incident. Meanwhile, its My Cloud service was restored in mid-April, and the account access to the online store was also impacted, but the company expects to restore it the week of May 15.

The digital storage giant also confirmed that its digital certificate technology was intact, squashing any rumors of the company losing control over it,

“Regarding reports of the potential to fraudulently use digital signing technology allegedly attributed to Western Digital in consumer products, the company confirmed that it has control over its digital certificate infrastructure,” the press release read. “In the event Western Digital needs to take precautionary measures to protect customers, the company can revoke certificates as needed.”

Western Digital focuses on maximizing the potential of data by utilizing advancements in memory technologies through Flash and HDD franchises while also committing to carbon reduction goals to combat climate change.

About the Author

About the Author

Kamso Oguejiofor is a former Content Writer at SafetyDetectives. He has over 2 years of experience writing and editing topics about cybersecurity, network security, fintech, and information security. He has also worked as a freelance writer for tech, health, beauty, fitness, and gaming publications, and he has experience in SEO writing, product descriptions/reviews, and news stories. When he’s not studying or writing, he likes to play basketball, work out, and binge watch anime and drama series.

Leave a Comment