Hacker group compromises Western Digital

Hackers had stolen sensitive information from Western Digital in a cyber attack in March 2023. After an investigation confirmed the incident, Western Digital has taken its stores offline and sent data breach notifications to customers.

On May 5, the company sent a data breach notification via email that its database had been attacked and that customer data stored therein had been stolen.

Western Digital said, "Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorized party obtained a copy of a Western Digital database that contained limited personal information of our online store customers. The information included customer names, billing and shipping addresses, email addresses, and telephone numbers. As a security measure, the relevant database stored, in encrypted format, hashed passwords (which were salted) and partial credit card numbers."

While Western Digital continues to investigate the incident, it has also taken its stores offline. Its store now displays only a message that reads, "We'll be back soon: We are unable to process orders at this time."

User access is expected to be restored on May 15, 2023. In the meantime, Western Digital is also advising those affected customers to be on the lookout for spear phishing attacks, where some threatening actors may pose as companies and use stolen data to collect more personal information from customers.

Western Digital suffers cyber attack

On March 26, Western Digital suffered a cyber attack that revealed that its network had been hacked and company data stolen, and subsequently issued a data breach notification. In response to the attack, the company shut down cloud services for two weeks, along with mobile, desktop and web applications.

According to TechCrunch, an "unnamed" hacking group previously breached Western Digital and claimed to have stolen 10 terabytes of data. Although the threat actors said they were not affiliated with the ALPHV ransomware, they used their data breach site to extort Western Data and link them to the ransom ring.

In a report released on April 28, the attackers taunted Western Digital by posting screenshots of stolen emails, files and applications. The screenshots showed that they had access to the company's network even though their actions had been discovered by the company.

The hackers also claimed to have stolen an SAP Backoffice database containing customer information and shared a screenshot of a suspected customer invoice. No further data has been released by the threat actors since this time, which also suggests that they are still extorting Western Digital for now, hoping to use this opportunity to get a large ransom.