Western Digital Corp. provided an update on a network security incident involving its systems.
On March 26, 2023, it identified a network security incident where an unauthorized third party gained access to a number of the company’s systems.
On April 2, 2023, it disclosed that upon discovery of this incident, we implemented incident response efforts and initiated an investigation with the assistance of leading security industry experts. This investigation is underway and includes analysis to understand the nature and scope of data obtained by the unauthorized party.
As a precautionary measure to secure our business operations, the company proactively disconnected its systems and services from the public Internet. It is progressing through its restoration process and the majority of its impacted systems and services are now operational. Its factories are and have been operational throughout this incident and it is shipping products to meet our customers’ needs. While initially impacted by our proactive measures, as of April 13, 2023, My Cloud service was restored. Account access to the firm’s online store also was impacted and is expected to be restored the week of May 15, 2023.
In collaboration with outside forensic experts, WD confirmed that an unauthorized party obtained a copy of its database used for its online store that contained some personal information of its online store customers. This information included customer names, billing and shipping addresses, email addresses and telephone numbers. In addition, the database contained, in encrypted format, hashed and salted passwords and partial credit card numbers. The company will communicate directly with impacted customers.
It is aware that other alleged the company’s information has been made public. It is investigating the validity of this data and will continue reporting its findings as appropriate.
Regarding reports of the potential to fraudulently use digital signing technology allegedly attributed to WD in consumer products, the firm can confirm that it has control over its digital certificate infrastructure. In the event it needs to take precautionary measures to protect customers, it is equipped to revoke certificates as needed. The company had like to remind consumers to always use caution when downloading applications from non-reputable sources on the Internet.