Western Digital says hackers stole customer data in March cyberattack

Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack.

The company emailed the data breach notifications late Friday afternoon, warning that customers' data was stored in a Western Digital database stolen during the attack.

"Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorized party obtained a copy of a Western Digital database that contained limited personal information of our online store customers," 

"The information included customer names, billing and shipping addresses, email addresses, and telephone numbers. As a security measure, the relevant database stored, in encrypted format, hashed passwords (which were salted) and partial credit card numbers."

Western Digital has taken its store offline while they continue investigating the incident, with the store now displaying a message stating, "We'll be back soon: We are unable to process orders at this time."

The company expects to restore access to the store on May 15th, 2023.

Western Digital also warns impacted customers to be vigilant against spear-phishing attacks, where threat actors impersonate the company and use the stolen data to gather further personal information from customers.

The Western Digital cyberattack

The data breach notification come after Western Digital suffered a cyberattack on March 26th, when the company discovered its network was hacked and company data was stolen.

In response to the attack, the company shut down its cloud services for two weeks, along with mobile, desktop, and web apps.

TechCrunch reported that an "unnamed" hacking group breached Western Digital, claiming to have stolen ten terabytes of data.

While the threat actors claim not to be part of the ALPHV ransomware operation, they used their data leak site to extort Western Digital, linking them in some manner to the extortion gang.

In a note published on April 28th, the threat actors taunted Western Digital by releasing screenshots of stolen emails, documents, and applications that showed they still had access to the company's network even after being detected.

The hackers also claimed to have stolen a SAP Backoffice database containing customer information and shared a screenshot of what appears to be customers' invoices.

Since then, no further data was released by the threat actors, likely indicating that they are still extorting Western Digital in the hopes of receiving a ransom demand.

Western Digital says hackers stole customer data in March cyberattack