Western Digital has confirmed that customer data was stolen by hackers in a security breach that occurred in March 2023.
The storage company stated that personal information belonging to online store customers, including names, billing and shipping addresses, email addresses, and telephone numbers, was accessed by an "unauthorized third party."
The breached database contained hashed and salted passwords, partial credit card numbers, and other sensitive information that was encrypted. The company has stated that it will contact affected customers directly to provide more information.
The cyber attack occurred on March 26, 2023, and prompted Western Digital to take its cloud services offline. TechCrunch reported last month that the hackers behind the breach were allegedly in possession of around 10 terabytes of data and demanded a ransom of a "minimum 8 figures" to avoid releasing the information. ALPHV (also known as BlackCat) ransomware actors have taken credit for the theft and have threatened to release "important documents" and "priceless artifacts" if the ransom is not paid.
Western Digital is investigating the incident and is currently verifying the validity of other alleged information that has been published online. The company has taken its online store offline and plans to restore it by the week of May 15, 2023. Access to My Cloud service has already been restored since April 13, 2023. Western Digital is taking steps to ensure that its digital certificate infrastructure remains under control and is addressing the security vulnerabilities that led to the breach.