Western Digital customer data stolen in March cyberattack


The information included customer names, billing and shipping addresses, email addresses and telephone numbers

US-based storage services and hardware provider Western Digital has issued an update on the data breach that occurred in March, telling customers that their data was stolen in that incident.

The company's press release states that on March 26, a network security incident was detected, with hackers gaining access to several of the company's systems.

"As a precautionary measure to secure our business operations, the Company proactively disconnected our systems and services from the public Internet," Western Digital wrote.

"We are progressing through our restoration process and the majority of our impacted systems and services are now operational."

In addition to the press release, the company also sent a security notification to customers last week, stating that it was collaborating with external forensic and security experts to investigate the events that took place on its servers.

According to the company's statement, the breach resulted in hackers obtaining a copy of a Western Digital database that was used for the company's online store.

The database contained certain personal information of customers who had made purchases through the online store.

"This information included customer names, billing and shipping addresses, email addresses and telephone numbers. In addition, the database contained, in encrypted format, hashed and salted passwords and partial credit card numbers," the firm noted.

Western Digital says it is aware that other information, purportedly belonging to the company, has been made public and has stated that it is currently investigating the authenticity of this data.

As part of its ongoing investigation, the firm has temporarily taken its store offline. The store's webpage now displays a message that reads, "We'll be back soon: We are unable to process orders at this time."

Access to the online store is expected to be reinstated on 15th May 2023, according to the company's statement.

In response to the reports that digital signing technology, purportedly associated with Western Digital, may have been fraudulently utilised in consumer products, the company has said that it has complete control over its digital certificate infrastructure.

"In the event we need to take precautionary measures to protect customers, we are equipped to revoke certificates as needed. We'd like to remind consumers to always use caution when downloading applications from non-reputable sources on the Internet."

Western Digital has cautioned its affected customers to remain vigilant against spear-phishing attacks, where threat actors may impersonate the company and leverage the stolen data to acquire additional personal information from customers.

Last month, Western Digital disclosed that it had fallen victim to a data breach, but did not provide specific information regarding the scope of the breach or the type of data that had been compromised.

Upon detecting the attack, the firm took the precautionary measure of shutting down its My Cloud consumer cloud and backup service, which affected a number of its products and services, such as My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, and SanDisk Ixpand Wireless Charger.

A few days following the incident, one of the hackers involved in the breach told TechCrunch that customer information was among the 10 terabytes of data that had been stolen from Western Digital's systems.

"We are the vermin who breached your company. Perhaps your attention is needed!" the hackers told the company in an email. "Continue down this path and we will retaliate."

On 28th April, the threat actors released a note, which included screenshots of stolen emails, documents and applications, demonstrating that they still had access to Western Digital's network.

Additionally, the hackers asserted that they had stolen an SAP Backoffice database that contained customer information, and shared a screenshot that apparently showed customers' invoices.