After learning that hackers obtained sensitive personal information in a cyberattack in March, Western Digital pulled its store offline and notified consumers of the data breach. Late Friday afternoon, the business sent out emails warning of the data breach and informing clients that their personal information was contained in a Western Digital database that had been stolen.
“Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorized party obtained a copy of a Western Digital database that contained limited personal information of our online store customers,” Western Digital said.
While they do their investigation, Western Digital has shut down its online store, which is currently showing a notice that reads, “We’ll be back soon: We are unable to process orders at this time.” The business plans to reopen the store on May 15th, 2023. Additionally, Western Digital cautions impacted consumers to be watchful for spear-phishing attempts, in which cyber actors pose as the organization and exploit the data they have obtained to collect more personal information from clients.
Western Digital learned its network had been breached and company data had been stolen on March 26th, the day after it had experienced a cyberattack. In reaction to the attack, the business pulled down its cloud services for two weeks, along with its mobile, desktop, and online applications. According to TechCrunch, an “unnamed” hacker organization allegedly broke into Western Digital and took ten terabytes of data.
Although the threat actors deny being a part of the ALPHV ransomware campaign, they extorted Western Digital via their data leak site, connecting them to the extortion ring in some way. Threat actors mocked Western Digital in a message sent on April 28th by publishing images of stolen emails, documents, and programs that demonstrated they continued to have access to the company’s network despite being discovered.
The hackers also published an image of what seemed to be customer bills and claimed to have stolen an SAP Backoffice database holding client information. Since then, the threat actors have not disclosed any further information, presumably because they still intend to seek a ransom from Western Digital.