Western Digital Confirms Hackers Pilfered Customer Data in March Cyber Attack

Data storage giant Western Digital is emailing customers to confirm that a cyber-intrusion in March resulted in hackers pilfering user data.

As some readers might recall, WD last month informed users that an “unauthorized party” gained access to a number of company systems in late March.

Upon discovering the breach, the company launched its incident response protocols, which involved taking some systems and services offline, including its flagship My Cloud service.

In a recent update on its website, WD said it is progressing through the restoration process and most impacted systems and services are now operational, including My Cloud. Access to Western Digital’s online store is expected to be restored next week.

Customer data compromised

The same update also reveals that whoever intruded on WD in March also “obtained a copy of a Western Digital database used for our online store that contained some personal information of our online store customers.”

“This information included customer names, billing and shipping addresses, email addresses and telephone numbers,” reads the notice. “In addition, the database contained, in encrypted format, hashed and salted passwords and partial credit card numbers. We will communicate directly with impacted customers.”

Some affected users, understandably disgruntled, are reporting receiving the informative letter in their inboxes.

Credit:jack201 via hotukdeals.com

The letter, signed by WD’s vice president of e-commerce, tells recipients to watch out for phishing attacks and other socially-engineered tricks that threat actors might employ to capitalize on the stolen data.

“We take the protection of your personal information very seriously and regret any inconvenience this may cause you,” the letter ends.

An empty apology

While WD’s response is apologetic, it fails to offer any real assistance – such as complementary credit card monitoring – to steer affected customers clear of fraud.

Last week, hackers believed to be part of the ALPHV ransomware operation started leaking screenshots of emails, videos and other materials from inside WD pertaining to the hack, which indicated that the perps still had access to company systems long after the initial intrusion.

WD has not yet responded to any media inquiries about the breach.

Bitdefender Digital Identity Protection scans the web for unauthorized leaks of your personal data, monitoring whether your accounts are exposed and making it easy to take action before disaster strikes.