Western Digital sends customers a personal data breach notification

Why it matters: During its internal investigation of the data breach suffered in March, Western Digital discovered a “limited” access to customers’ personal data. Such data could in turn be used for phishing attacks, while the company still isn’t interested in paying the ransom to get its files back.

As internal investigations are discovering the true extent of the attack suffered by Western Digital in March, the data breach’s potential effects on customers are becoming increasingly troublesome. The American storage company is now acknowledging that hackers actually had access to its users’ data, and that such data could become a treasure trove for cyber-criminals.

In a security notification sent to customers during the weekend, WD said it’s working with “leading outside forensic” and security experts to understand what actually happened on its servers. The investigation brought to light the fact that, around March 26, unknown hackers got a copy of a “Western Digital database” containing “limited” personal information taken from the company’s online store.

The “limited” definition used by WD for the data breach is rather questionable, as the stolen database included highly valuable data such as customers’ real names, billing and shipping addresses, email addresses, and telephone numbers. Hashed passwords and partial credit card numbers present in the database were seemingly encrypted, the company said.

WD has temporarily suspended access to its store, therefore, online purchases will be unavailable at least until May 15, 2023. Despite the “limited” data contained in the stolen database, the San Jose corporation is providing customers some precautionary measures to avoid further issues during their online activities.

The “limited” data obtained by cyber-criminals could indeed be used to set up complex spear-phishing attacks, with hackers sending users unsolicited messages asking for further personal information or providing a link to a fake web page designed to get such data.

According to unverified claims, an unknown hacking group was able to breach WD’s network, install a ransomware and steal ten terabytes of data. The cyber-criminals are seemingly part of the ALPHV ransomware operation, as they used the group’s data leak site to try and extort the company by showing screenshots of emails, documents and other data. As of April 28, the hackers claimed they still had access to WD’s network despite being discovered in March.