Western Digital Admits that Users’ Personal Data Was Compromised in the Company’s Hack

Western Digital acknowledged attack

Western Digital, which was hit by a BlackCat hack in March 2023, has finally admitted that customers’ personal data was compromised during the incident.

Users of the company’s online store were affected: the leak contained their names, billing and shipping addresses, email addresses and phone numbers.

Western Digital was hacked at the end of March 2023. Then the attackers compromised the internal network and stole the company’s data. At the same time, ransomware was not deployed on the Western Digital network, and the files were not encrypted.

As a result of this attack, the company’s cloud services, including Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS 5, SanDisk ibi and SanDisk Ixpand Wireless Charger, as well as mobile, desktop and web applications related to them, did not work for almost two weeks.

The responsibility for this attack, apparently, lies with the extortionist group BlackCat (aka ALPHV).

Let me remind you that Experts linked BlackCat (ALPHV) ransomware to BlackMatter and DarkSide groups.

Recently, hackers have begun leaking data stolen from Western Digital and are threatening to sell the company’s stolen intellectual property, including firmware, code-signing certificates and customer personal information, on the black market unless ransomed.

At the end of last week, Western Digital representatives began to notify users of a data breach related to this attack.

Recently, an investigation revealed that around March 26, 2023, an unauthorized third party received a copy of a Western Digital database that contained limited personal information about our online store customers. The data included customer names, billing and shipping addresses, email addresses, and phone numbers. As a security measure, the database stored hashed salted passwords in an encrypted format, as well as only partial credit card numbers. We will contact affected customers directly.the company says.

Western Digital has now taken its online store offline and an investigation into the incident is still ongoing. The company says it expects to reopen the store around May 15, 2023.

Let me remind you that the media wrote that Western Digital My Cloud OS Fixes Critical Vulnerability.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *