iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Storage company Western Digital sent a data breach notification to its customers following a cyber incident in March.
The company first revealed the possible attack on 3 April, when it announced it was shutting down its cloud services for two weeks while it investigated the incident. At the same time, hackers apparently linked to the ALPHV ransomware group were boasting that they still had access to Western Digital’s systems weeks after the initial breach.
“Upon discovery of the incident, the company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts,” the company said at the time. “This investigation is in its early stages, and Western Digital is coordinating with law enforcement authorities.”
However, the letter Western Digital sent out confirms that its investigations have revealed that customer data was compromised.
“Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorised party obtained a copy of a Western Digital database that contained limited personal information of our online store customers,” the letter — seen by Bleeping Computer — read.
“The information included customer names, billing and shipping addresses, email addresses, and telephone numbers. As a security measure, the relevant database stored, in encrypted format, hashed passwords (which were salted) and partial credit card numbers.”
The company has shut down its online store as a further precaution but hopes to restore access to online purchases on 15 May.
The letter goes on to warn Western Digital customers to be on the lookout for any phishing attempts or other “unsolicited communications”.
In a separate press release, the company also added: “We are aware that other alleged Western Digital information has been made public. We are investigating the validity of this data and will continue reporting our findings as appropriate.”
As of writing, however, Western Digital has not divulged how many customers were affected by the breach, though the hackers behind the incident claim to have stolen over 10 terabytes of data in the breach.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
