Western Digital informs customers that hackers stole personal data
Western Digital customers who have used the company's Western Digital online store may have had personal information stolen by hackers.
The company revealed in early April 2023 that it suffered a security breach in March 2023 and took some systems offline as a consequence. The information published at the time was scarce. Western Digital did confirm that hackers gained access to several company systems and that it has started an investigation into the breach.
Online magazine Techcrunch managed to talk to one of the alleged hackers in mid-April 2023. It turned out that the hackers managed to obtain about 10 terabytes of data from Western Digital, including internal data. It was still unclear, at this point, if and how Western Digital customers were affected by the breach.
Western Digital has sent out emails to customers on May 5, 2023 in which it informs them about the network security incident. In it, the company confirms that an "unknown third party" managed to access customer data.
In particular, the party managed to obtain access to "limited personal information" from an online store database. The database contains personal information, including "customer names, billing and shipping addresses, email addresses, and telephone numbers". It also included hashed user passwords and "partial credit card numbers" according to Western Digital's emails.
The company has suspended access to its online store and the ability to make online purchases, according to the email. It expects to restore access in the week of May 15, 2023.
Western Digital warns customers that they may receive unsolicited communications. These may ask for personal information, or the clicking on links or viewing of attachments.
Affected Western Digital customers may want to check their password usage. If they have reused the password used on the WD Store, they may want to change it immediately. Once the Store's functionality is restored, they may also want to change the password at the Store.
As Western Digital mentioned in the email, it is possible that customers may be contacted by third-parties using the stolen information. This may happen via email, but since phone numbers and addresses may also be known, it may also happen through these channels. Extra caution is advised.
Closing Words
The hackers may use the data of Western Digital customers in a number of way. They may sell it on the darknet, or use it for their own attacks against particular customers. Western Digital should consider resetting all Western Digital Store account user passwords, as this blocks attacks against the existing user accounts entirely.
Now You: what is your take on Western Digital's response to the incident?
Do they really need to keep data for over 3 years?
I can see an employer keeping employee records for several years but a retailer keeping customer data?
I got the email you speak of.
I last made a purchase from the WD store in Jan of 2020. I used Paypal as I do whenever I can so my #CC is not at risk but that’s only a minor comfort.
I’ve got a freind right now who is being refused entry into the US even though he is a naturalized citizen because someone else has used his identity in the act of commiting crimes.
Are you kidding me…??