Cyber Security Threat Summary:
“Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack. The company emailed the data breach notifications late Friday afternoon, warning that customers' data was stored in a Western Digital database stolen during the attack” (Bleeping Computer, 2023). "Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorized party obtained a copy of a Western Digital database that contained limited personal information of our online store customers," Western Digital said. "The information included customer names, billing and shipping addresses, email addresses, and telephone numbers. As a security measure, the relevant database stored, in encrypted format, hashed passwords (which were salted) and partial credit card numbers."

Western Digital has since taken it’s store offline as it continues to investigate the unauthorized access. The company expects to be operational again by May 15, 2023. Impacted customers are being warned by the company that they could be targeted by spear-phishing attacks related to the stolen data. The personal information stolen from customers can be used by threat actors to craft socially engineered phishing messages.

Security Officer Comments:
On March 26, 2023, Western Digital discovered their network had been hacked and that company data was stolen. In response the shut down cloud services for nearly two weeks, which included mobile, desktop, and web applications. The unnamed hacking group responsible for the attacks, claims to have stolen around 10 terabytes of data. While the responsible threat actors claim not to be part of the ALPHV ransomware operation, they are using the ransomware groups leak site to taunt the company.

“In a note published on April 28th, the threat actors released screenshots of stolen emails, documents, and applications that showed they still had access to the company's network even after being detected. The hackers also claimed to have stolen an SAP Backoffice database containing customer information and shared a screenshot of what appears to be customers' invoices. Since then, no further data was released by the threat actors, likely indicating that they are still extorting Western Digital in the hopes of receiving a ransom demand” (Bleeping Computer, 2023).

Suggested Corrections:
Impacted customers should heed Western Digitals advice to stay vigilant against phishing emails.

Do not open emails or download software from untrusted sources
Do not click on links or attachments in emails that come from unknown senders
Do not supply passwords, personal, or financial information via email to anyone (sensitive information is also used for double extortion)
Always verify the email sender's email address, name, and domain
Backup important files frequently and store them separately from the main system
Protect devices using antivirus, anti-spam and anti-spyware software
Report phishing emails to the appropriate security or I.T. staff immediately


Link(s):
https://www.bleepingcomputer.com/news/security/western-digital-says-hackers-stole-customer-data-in-march-cyberattack/