Western Digital’s data breach just keeps getting worse

Storage manufacturer Western Digital has acknowledged that a major breach earlier this year, which took out consumer cloud services for over a week, resulted in the loss of its customers’ data to unauthorized parties.

In a May 5 press release, Western Digital said hackers stole a database associated with online retail sales. The company identified the breach on March 26 and initially disclosed their response on April 2. The company wrote that it had worked with “outside forensic experts” over the course of its investigation.

“This information included customer names, billing and shipping addresses, email addresses, and telephone numbers,” the press release stated. “In addition, the database contained, in encrypted format, hashed and salted passwords and partial credit card numbers.”

“We will communicate directly with impacted customers,” the company added.

The release additionally acknowledged reports that “other alleged Western Digital information has been made public,” likely referring to a TechCrunch article that reported that the alleged attackers demonstrated their ability to falsify Western Digital’s code-signing certificate, and provided evidence they had obtained 10 terabytes of data. Parts of the haul seen by TechCrunch included executives’ personal data, corporate files and emails, and information from SAP Backoffice, an e-commerce management platform.

TechCrunch had reported the hackers were demanding a “minimum 8 figures” ransom, an exorbitant amount by cybercrime standards.

It’s not clear how many customers were affected, although one Western Digital client shared a copy of a notification email with TechCrunch. Ransomware group Alphv (aka BlackCat) has taken credit for the incident, Hacker News reported, and has issued threats and taunts alongside various screenshots intended to demonstrate the breadth of their access.

Charlie Smalling, a PR rep for Western Digital, declined to comment beyond the May 5 press release.—TM