Reports from Western Digital stated that they had a network security incident on March 26, 2023, in which an unauthorized group gained access to their company’s systems.
After its initial discovery, they disclosed this incident on April 2, 2023, took necessary precautions, and implemented incident response efforts. They have been investigating this issue to understand the level of data exfiltrated by the third party.
The company had isolated its systems from the public internet and progressed with external cyber security experts to restore its operations.
As stated by Western Digital, “Our factories are and have been operational throughout this incident and we are shipping products to meet our customers’ needs. While initially impacted by our proactive measures, as of April 13, 2023, My Cloud service was restored. Account access to Western Digital’s online store also was impacted and is expected to be restored the week of May 15, 2023.”
After a certain level of investigation with forensic experts, they found that threat actors had gained access to a copy of the Western digital database, which contained the personal information of their online store users.
The data stolen by the attackers contain,
- Customer name
- Billing and shipping address
- Email address
- Telephone numbers
- Hash and salted passwords (In encrypted format) and
- Partial credit card numbers.
Western Digital is working on reaching their impacted customers for this incident. They also mentioned that they have complete control over their digital certificate infrastructure.
They have also released a forward-looking statement for the press release, which states, “Additional risks and uncertainties that may cause actual results to differ materially include the risks and uncertainties listed in the Company’s filings with the Securities and Exchange Commission (the “SEC”), including the Company’s Form 10-K filed with the SEC on August 25, 2022, to which your attention is directed.”
Additional information on this issue is yet to be released by Western Digital.
Source: https://cybersecuritynews.com/western-digital-hack/