Western Digital customer info hacked; company says investigation is underway

Western Digital, a global data storage technology and solutions provider, has announced that it suffered a network security breach that occurred on March 26, 2023. The company confirmed through a press release published on its website that an unauthorised third party gained access to some of its systems.

“On March 26, 2023, we identified a network security incident where an unauthorised third party gained access to a number of the Company’s systems,” it said in the press statement.

The breach was detected on April 2 after which company implemented incident response efforts and initiated an investigation into the matter with the assistance of leading security industry experts. As a precautionary measure, Western Digital also disconnected its systems and services from the public Internet.

“As a precautionary measure to secure our business operations, the Company proactively disconnected our systems and services from the public Internet. We are progressing through our restoration process and the majority of our impacted systems and services are now operational, ” it said in the release.

While the factories have been running throughout the incident, the company has been restoring its impacted systems and services. As of April 13, 2023, the My Cloud service was restored, while account access to Western Digital’s online store is expected to be restored the week of May 15, 2023.

Western Digital has confirmed that an unauthorised party obtained a copy of a database used for its online store that contained some personal information of its online store customers. This included customer names, billing and shipping addresses, email addresses, and telephone numbers. The database also contained hashed and salted passwords and partial credit card numbers in encrypted format. The company will communicate directly with those affected by the theft. The company has not disclosed the number of customers affected by the data breach.

According to a Tech Crunch report, one of the hackers involved in the data theft told the news website that they had stolen nearly 10 terabytes of data and it included customer information.