Customers' personal info stolen in data breach, Western Digital says
rockpapershotgun.comWestern Digital, the PC storage giants behind some of the best gaming SSDs, have released an update on a data breach that occurred in late March. Uplifting news, it is not: the "network security incident" was a large-scale case of digital thievery, with the culprits stealing a database containing the names, billing and shipping addresses, email addresses, and telephone numbers of customers to WD's online store.
The plundered database also included encrypted and salted passwords and partial credit card numbers, according to the statement. Western Digital are contacting affected users directly, and have temporarily shut down their store.
Though the company first publicly acknowledged the breach with a press release on April 3rd, more than a week after the March 26th incident took place, Western Digital kept quiet on both the content and the nature of the breach while they investigated. TechCrunch, however, soon reported it as an extortion attempt, with the then-unnamed hackers demanding an eight-figure sum for the stolen data’s return. Ransomware group BlackCat ultimately claimed responsibility, and according to security researcher Dominic Alvieri have already been sharing screenshots of other pilfered material including Western Digital’s internal comms and videoconferences.
"We are aware that other alleged Western Digital information has been made public,” the latest WD statement reads. “We are investigating the validity of this data and will continue reporting our findings as appropriate."
"Regarding reports of the potential to fraudulently use digital signing technology allegedly attributed to Western Digital in consumer products, we can confirm that we have control over our digital certificate infrastructure.
Read more on rockpapershotgun.com
