The popular PC storage manufacturer, Western Digital, has confirmed that it experienced a network security breach earlier this year, in which an unauthorized third party gained control of several of its systems.
The incident took place on March 26, 2023, but was immediately addressed by the manufacturer, with Western Digital reporting the breach bringing in top security experts to launch an investigation, which is currently ongoing, the company said in a statement.
The bad actors in charge of the breach were able to get access to a copy of a database used to operate the Western Digital online store. Information from this database includes “personal customer information, such as names, billing and shipping addresses, email addresses, and telephone numbers,” as well as “Encrypted hashed and salted passwords and partial credit card numbers,” the company noted.
In collaboration with external forensic experts, the investigation aims to determine the brevity of the breach, and Western Digital said it plans to directly contact customers that have had their data compromised.
The company also warns customers against using digital signing technology that could be fraudulent, noting that it has “control over its digital certificate infrastructure,” and is “equipped to revoke certificates as needed.” Western Digital also reminds its users to be mindful when downloading applications from unofficial sources on the internet.
The brand said its systems and services are now restored since the initial breach and product shipments have not been affected as per customer demand. Services that were shut down, include My Cloud, which was restored on April 13, 2023. Western Digital online store accounts are set to be restored during the week of May 15, 2023.
Western Digital also notes with the investigation being ongoing, that its forward-looking statements are not concrete, and updates that might come in the future might give different details than what the company is saying now.
Still, Western Digital has been much more open about its breach than many other companies traditionally. In October 2022, Microsoft servers suffered a breach that potentially affected over 65,000 entities across 111 countries and the company declined to comment. In August 2022, The Android-based payment system, Wiseasy, well-known in the Asia-Pacific region suffered a malware hack. Reports at the time said there was no information on whether Wiseasy had plans to directly tell its customers about the hack.