Western Digital shut down its online store and sent data breach notices to customers after confirming that hackers had stolen sensitive personal data in March.
The company late Friday afternoon emailed a data breach notification, warning that customer data stored in a Western Digital database was stolen during the attack.
"Based on our investigation, we recently discovered that on or about March 26, 2023, an unauthorized third-party user obtained a copy of Western Digital's database containing limited personal information of customers in our online store."
“This information included customer names, billing and shipping addresses, email addresses and phone numbers. As a security measure, the database in question stored hashed passwords (which were encrypted with salt) and some credit card numbers in encrypted form.”
Western Digital has taken the store offline while it continues to investigate the incident. The store now displays the following message: “Coming back soon: currently unable to process orders”.
The company expects to restore access to the store on May 15, 2023.
Western Digital has also warned affected customers to be wary of spear-phishing attacks, in which threat actors impersonate the company and use the stolen data to collect further personal information from customers.
How did the attack happen?
The data breach notification follows the cyber attack Western Digital suffered on March 26, when it was found that its network had been breached and company data stolen. After the attack, the company shut down its cloud services for two weeks, as well as its mobile, desktop and web applications.
TechCrunch reported that an "anonymous" hacker group broke into Western Digital and stole 10 terabytes of data.
In a memo published on April 28, the hackers taunted Western Digital with screenshots of stolen emails, documents and applications showing they had access to the company's network even after detection.
The hackers also claimed to have stolen the SAP Backoffice database containing customer information and shared screenshots of what appeared to be customer invoices.
They have not released any further data since then and may be threatening Western Digital to extract a ransom.
