Western Digital store offline due to March breach
The Western Digital online store is offline as a result of the “network security incident” it suffered in March 2023.
Users have been notified
On May 5, 2023, the company emailed its customers to say that an unauthorized party obtained a copy of the database used for their online store, which contained some personal customer information.
“This information included customer names, billing and shipping addresses, email addresses and telephone numbers. In addition, the database contained, in encrypted format, hashed and salted passwords and partial credit card numbers,” Western Digital informed.
Western Digital’s email to customers (Source: Western Digital)
The company worries about the stolen data getting misused to launch phishing attacks and has advised users to:
- Be vigilant about unsolicited emails that ask for personal data
- Avoid clicking on suspicious links and downloading attachments
- Enable spam filters in email settings
Investigations are still under way
In early April, the company informed the public and its customers that it identified the incident on March 26, 2023.
It called in external security and forensic experts, started IR efforts and took systems and services offline.
Customers could not access the My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS 5, SanDisk ibi, SanDisk Ixpand Wireless Charger service from April 3 to April 12.
Western Digital says that although the restoration process is still ongoing, the majority of systems and services are currently functioning. Even during the incident, the factory remained operational and products were being shipped, they shared.
The online store is offline as the investigation is ongoing, and they anticipate getting it back online on May 15, 2023.
“We are aware that other alleged Western Digital information has been made public. We are investigating the validity of this data and will continue reporting our findings as appropriate,” the company added.
“Regarding reports of the potential to fraudulently use digital signing technology allegedly attributed to Western Digital in consumer products, we can confirm that we have control over our digital certificate infrastructure. In the event we need to take precautionary measures to protect customers, we are equipped to revoke certificates as needed.”