Western Digital Breached – Customer Data Exfiltrated
The past couple of months saw a huge spike in cyberattacks targeting big companies worldwide. Those include the likes of directory publisher Yellow Pages and food giant Yum! Brands. While the companies vary, the results are the same – sensitive information out in the open. Now, another incident sees Western Digital in the malicious spotlight.
A few days back, the leader in digital storage solutions disclosed that hackers were able to infiltrate their systems and get a hold of sensitive personal information back in March.
Such attacks almost always end up with stolen information, but the question remains: How did the threat actors manage to gain access to Western Digital’s systems? We’ll answer that below.
Another Day Another Breach – Western Digital Warns Customers
As we mentioned, cybercrime is on the rise, and threat actors keep targeting victims with data that can impact millions of people.
Hackers are elevating their techniques and capabilities. This is clearly shown in this particular attack. They were able to infiltrate such a huge organization, which shows how well-balanced and capable the threat actors behind this breach are.
Western Digital is huge, and data stolen from the company can be very beneficial to the individuals behind the breach.
The attack occurred back in March. However, not until recently did the company disclose what really went on in a statement provided below:
“On March 26, 2023, we identified a network security incident where an unauthorized third party gained access to a number of the Company’s systems.
On April 2, 2023, we disclosed that upon discovery of this incident, we implemented incident response efforts and initiated an investigation with the assistance of leading security industry experts.
This investigation is underway and includes analysis to understand the nature and scope of data obtained by the unauthorized party.
In the event we need to take precautionary measures to protect customers, we are equipped to revoke certificates as needed.
We’d like to remind consumers to always use caution when downloading applications from non-reputable sources on the Internet.”
Source: Western Digital
The investigation continued after that, and Western Digital sent out notifications, warning customers that their data (Stored in a Western Digital database) was exfiltrated during the attack.
According to the statement and what we’ve already covered, sensitive information was indeed harvested during the attack. This data includes:
- Customer names
- Billing addresses
- Shipping addresses
- Email addresses
- Telephone numbers.
Due to the chaos, the cyberattack has caused, Western Digital’s store is offline while the company further investigates the incident.
Store Down, Cybercrime Up
If customers try to visit the online store, it’ll only show them a message that states: “We’ll be back soon: We are unable to process orders at this time.”
The stolen data is more than enough for the threat actors to perform various malicious practices. If you’re an affected customer, make sure to stay cautious when handling emails or text messages. They can be phishing attempts.