Digital storage giant Western Digital confirmed that an “unauthorized third party” gained access to its systems and stole personal information belonging to the company’s online store customers.
“This information included customer names, billing and shipping addresses, email addresses and telephone numbers,” the San Jose-based company said in a disclosure last week.
“In addition, the database contained, in encrypted format, hashed and salted passwords and partial credit card numbers. We will communicate directly with impacted customers.”
The development comes a little over a month after Western Digital divulged a “network security incident” on March 26, 2023, prompting the company to take its cloud services offline.
A subsequent report from TechCrunch last month revealed that the threat actors behind the attack were allegedly in possession of “around 10 terabytes of data,” and were negotiating with Western Digital for a ransom of a “minimum 8 figures” to avoid leaking the information.
While the identity of the extortionists was unknown at the time, ALPHV (aka BlackCat) ransomware actors have since taken credit for the theft, issuing an ultimatum on April 18, 2023, to make the payment or risk the release of “important documents” and “priceless artifacts.”
The actors have also published various screenshots on their dark web portal, displaying what appears to be video calls, emails, and documents related to Western Digital’s incident response efforts in an attempt to indicate continued access to the company’s systems even after the hack came to light.
Western Digital said it’s aware of the publication of “other alleged Western Digital information,” that it’s “investigating the validity of this data,” and that it has “control over our digital certificate infrastructure.”
It has also taken the step of taking its online store offline, which it said is expected to be restored the week of May 15, 2023. Access to My Cloud service was restored on April 13, 2023.