Western Digital Corp. (NASDAQ: WDC) has revealed that it experienced a network security breach on March 26, 2023, where an unauthorized third party gained access to a number of the company’s systems. The company issued a press release on April 2, 2023, confirming that it had implemented incident response efforts and initiated an investigation with the help of leading security industry experts.
In collaboration with outside forensic experts, the company confirmed the hackers obtained a copy of the Western Digital database used for its online store. The database contained personal information of the company’s online store customers, including customer names, billing, and shipping addresses, email addresses, and telephone numbers.
In a recent update, Western Digital Corp. disclosed that it has disconnected its systems and services from the public Internet as a precautionary measure to secure its business operations. The company has made progress in restoring its impacted systems and services, with the majority now operational. The My Cloud service was restored on April 13, 2023, while account access to Western Digital’s online store was impacted and is expected to be restored by the week of May 15, 2023.
In addition, the database contained, in an encrypted format, hashed and salted passwords and partial credit card numbers. Western Digital Corp. has pledged to communicate directly with impacted customers.
The company is aware that other alleged Western Digital information has been made public and is investigating the validity of this data. In response to reports of the potential to fraudulently use digital signing technology allegedly attributed to Western Digital in consumer products, the company has confirmed that it has control over its digital certificate infrastructure.
If needed, it can revoke certificates as a precautionary measure to protect customers. The company also reminds consumers to use caution when downloading applications from non-reputable sources on the Internet.
The press release contains forward-looking statements within the meaning of the federal securities laws, including statements regarding the network security incident, related responsive actions and communications, the restoration of systems and services, and the ability to implement additional precautionary measures.
The forward-looking statements are based on management’s current expectations and are subject to risks and uncertainties that could cause actual results to differ materially from those expressed or implied in the forward-looking statements.
Following the announcement by Western Digital Corp. regarding a recent network security incident, many customers are expressing concern about the safety of their personal information. The incident, which occurred on March 26, 2023, involved an unauthorized third party gaining access to a number of the company’s systems.
In response to the incident, Western Digital proactively disconnected its systems and services from the public internet as a precautionary measure. The company has since been working to restore its impacted systems and services, and the majority are now operational. The My Cloud service was restored on April 13, 2023, but account access to Western Digital’s online store remains impacted and is expected to be restored the week of May 15, 2023.
Western Digital has confirmed that it is collaborating with outside forensic experts to investigate the incident and understand the nature and scope of data obtained by the unauthorized party. The company has also confirmed that it has control over its digital certificate infrastructure and is equipped to revoke certificates as needed to protect customers.
Many customers are understandably concerned about the safety of their personal information, and Western Digital has committed to communicating directly with impacted customers. The company has also reminded consumers to use caution when downloading applications from non-reputable sources on the internet.
The incident is a reminder of the importance of network security and the need for companies to take proactive measures to protect their systems and the personal information of their customers. As the investigation continues, Western Digital will be closely monitoring the situation and providing updates as appropriate.