Data storage giant Western Digital Corp. last month confirmed that an “unauthorized third party” had exfiltrated data from its systems during a “network security incident” on March 26, 2023.
Upon discovery of the incident, the PC storage company said that it had implemented incident response efforts and began an investigation with the assistance of leading outside security and forensic experts.
Now, Western Digital has provided an update on the network security incident involving some of its systems and its consequences.
In a press release published on Friday, the company confirmed that an unauthorized party was able to access a copy of a Western Digital database containing limited personal information of its online store customers, which was stolen during the attack.
“This information included customer names, billing and shipping addresses, email addresses and telephone numbers. In addition, the database contained, in encrypted format, hashed and salted passwords and partial credit card numbers. We will communicate directly with impacted customers,” Western Digital said.
The company’s statement added it was aware that other alleged Western Digital information has been made public by an unnamed hacker with claims of obtaining the company’s digitally signed code-signing certificate, which can be fraudulently used to digitally sign files to impersonate Western Digital in consumer products.
The company said it was “investigating the validity of this data” but added that it had “control over our digital certificate infrastructure.” In the event, they are required to take precautionary measures to protect customers, the company is equipped to revoke certificates as needed, it added.
Western Digital also emailed the data breach notifications to its affected customers late Friday afternoon.
While an investigation is underway, the company said it took proactive measures by disconnecting its systems and services from the public Internet. Due to this, it’s My Cloud online storage services were impacted; however, as of April 13, 2023, My Cloud service has been restored.
Currently, Western Digital’s online store is still down, and displaying a message stating, “We’ll be back soon: We are unable to process orders at this time.” The online store is expected to be restored the week of May 15, 2023.
On the other hand, Western Digital said that its factories have been operational and not impacted by the incident, and “we are shipping products to meet our customers’ needs.”
As a precautionary measure, the company has advised its customers to take the following steps to help protect their personal information from potential misuses, such as being cautious of any unsolicited communications that ask for personal information or refer them to a web page asking for personal information.
Further, always avoid clicking on links or downloading attachments from non-reputable sources on the Internet. Additionally, check whether the email account has spam settings to help them detect or block suspicious mails.
