Western Digital, which was hit by a BlackCat hack in March 2023, has finally admitted that customers’ personal data was compromised during the incident.
Users of the company’s online store were affected: the leak contained their names, billing and shipping addresses, email addresses and phone numbers.
Western Digital was hacked at the end of March 2023. Then the attackers compromised the internal network and stole the company’s data. At the same time, ransomware was not deployed on the Western Digital network, and the files were not encrypted.
As a result of this attack, the company’s cloud services, including Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS 5, SanDisk ibi and SanDisk Ixpand Wireless Charger, as well as mobile, desktop and web applications related to them, did not work for almost two weeks.
The responsibility for this attack, apparently, lies with the extortionist group BlackCat (aka ALPHV).
Let me remind you that Experts linked BlackCat (ALPHV) ransomware to BlackMatter and DarkSide groups.
Recently, hackers have begun leaking data stolen from Western Digital and are threatening to sell the company’s stolen intellectual property, including firmware, code-signing certificates and customer personal information, on the black market unless ransomed.
At the end of last week, Western Digital representatives began to notify users of a data breach related to this attack.
Western Digital has now taken its online store offline and an investigation into the incident is still ongoing. The company says it expects to reopen the store around May 15, 2023.
Let me remind you that the media wrote that Western Digital My Cloud OS Fixes Critical Vulnerability.