Western Digital notifies customers of data breach after March cyberattack

Source Twitter

Western Digital is notifying its customers of a data breach that exposed their sensitive personal information, the incident took place in March.

In March 2022, Western Digital was hit by a ransomware attack and in response to the incident, it shut down several of its services. The company disclosed that an unauthorized party gained access to multiple systems.

“Western Digital is currently experiencing a service outage impacting the following products: My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, SanDisk Ixpand Wireless Charger.” reads the status page of the company on April 2, 2023. “We are working to restore service. We apologize for any inconvenience. Next update will be posted on Monday, April 3.

“On March 26, 2023, Western Digital identified a network security incident involving Western Digital’s systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the Company’s systems.” reads the press release issued by the company. “Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts. This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities.”

According to an Update on Network Security Incident the company states that account access to Western Digital’s online store also was impacted and that it plans to restore the service by the week of May 15, 2023.

The company is sending customers data breach notification letters to confirm that threat actors have stolen sensitive personal information in the March attack. The company said that they are working with leading forensic and security experts to investigate the extent of the incident in coordination with law enforcement.

“We are writing to notify you about a network security incident involving your Western Digital online store account. After learning of the incident, we quickly launched an investigation to understand its nature and scope. Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorized party obtained a copy of a Western Digital database that contained limited personal information of our online store customers.” reads the data breach notification sent by Western Digital to the customers. “The information included customer names, billing and shipping addresses, email addresses, and telephone numbers. As a security measure, the relevant database stored, in encrypted format, hashed passwords (which were salted) and partial credit card numbers. We have temporarily suspended online store account access and the ability to make online purchases. We expect to restore access the week of May 15, 2023.”

Source Twitter

Exposed information included customer names, billing and shipping addresses, email addresses, and telephone numbers. The company pointed out that the compromised database contained customers’ hashed/salted passwords and partial credit card numbers

Western Digital is warning customers of being cautious of any unsolicited communications that ask for their personal information or refer them to a web page asking for personal information. Customers are recommended to avoid clicking on links or downloading attachments from suspicious emails.

The threat actors behind the ransomware attack are threatening to leak the stolen data and are using the leak site of the ALPHV ransomware group even if they appear not directly affiliated with the RaaS.

“We’ve seen speculation surrounding customer data. To clarify, we obtained a full backup of their SAP Back Office, which dates back to the last week of March. The backup contains everything and anything you could imagine from the beginning of their partnership with SAP. Industry Experts can explain to the public what a full backup entails.” reads a message published on the leak site by the group. “However, it’s important to know that WDC discovered the breach the next day and canceled their SAP contract. As a result, their online store remains non-functional! Their average cloud spend exceeds 7 figures every month.”

The last message from the group is dated April 28, a circumstance that suggests they are still attempting to extort Western Digital.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.