Hackers stole database with customer info from Western Digital
Data storage giant Western Digital said hackers stole a database containing the personal information of customers during a cyberattack that occurred on March 26.
The company — which had 2022 revenues of about $19 billion and is best known for the SanDisk brand of portable hard drives and removable memory cards — announced the hack last month.
On Friday, Western Digital’s vice president of e-commerce, Eyal Bek, sent a letter to customers confirming that names, billing and shipping addresses, email address and phone numbers were included in the stolen database.
“We are working with leading outside forensic and security experts to assist with our investigation and are coordinating with law enforcement,” Bek said. The company did not specify which experts it hired.
“As a security measure, the relevant database stored, in encrypted format, hashed passwords (which were salted) and partial credit card numbers,” Bek said. “We have temporarily suspended online store account access and the ability to make online purchases. We expect to restore access the week of May 15, 2023.”
The company urged customers to be wary of messages asking for personal messages and warned against clicking on any links in emails from unknown senders.
Western Digital sent out a notification to customers regarding what we believe to be about ALPHV ransomware group.— vx-underground (@vxunderground) May 6, 2023
Information via @CorruptedPixl pic.twitter.com/OichxqLf1Y
Western Digital’s My Cloud service was offline for more than two weeks before it was restored on Friday.
The hackers told TechCrunch on April 13 that they stole 10 TB of data and due to their access, they were able to digitally sign files as if they were Western Digital. The hackers also gained access to the company’s e-commerce data platform SAP Backoffice. They even alleged to have screenshots of a video call held by the company’s employees.
They claimed they were not affiliated with the AlphV/Black Cat ransomware gang but would use that group’s leak site to threaten and extort the company.
Since then, the hackers have repeatedly posted lengthy rants criticizing Western Digital for refusing to negotiate with them, angry that their interview with TechCrunch did not bring the company to the table.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.