/

Western Digital Data Breach: What & How It Happened?

Western Digital Data Breach: What & How It Happened?

Twingate Team

Jun 14, 2024

In March 2023, Western Digital experienced a data breach when an unauthorized third party accessed their systems. The breach affected a database containing customer information. The company took steps to secure their systems and launched an investigation. They have been working to restore services and are in communication with those affected.

How many accounts were compromised?

The data breach impacted over 2.5 million customer accounts.

What data was leaked?

The data exposed in the breach included customer names, billing and shipping addresses, email addresses, telephone numbers, hashed and salted passwords, and partial credit card numbers.

How was Western Digital hacked?

The unauthorized third party breached Western Digital's systems and gained access to a database containing personal information of online store customers. The hackers, identified as the ALPHV (aka BlackCat) ransomware group, allegedly obtained around 10 terabytes of data and demanded a minimum 8-figure ransom. Despite Western Digital's incident response efforts, the hackers continued to have access to the company's systems, as evidenced by published screenshots on their dark web portal.

Western Digital's solution

In response to the hack, Western Digital took several measures to secure its platform and prevent future incidents. This included implementing incident response efforts, initiating an investigation with the help of security industry experts, and disconnecting its systems and services from the public Internet. The majority of the impacted systems and services have been restored, and the company is committed to fully assessing and remedying the security incident. Western Digital will continue to implement additional precautionary measures to protect its business operations.

How do I know if I was affected?

Western Digital has been communicating directly with affected customers regarding the data breach. If you're a Western Digital customer and haven't received a notification, you may visit HaveIBeenPwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account, and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report any unauthorized transactions or changes to the respective service providers.

For more specific help and instructions related to Western Digital's data breach, please contact Western Digital Support directly.

Where can I go to learn more?

For more information on the Western Digital data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

Western Digital Data Breach: What & How It Happened?

Western Digital Data Breach: What & How It Happened?

Twingate Team

Jun 14, 2024

In March 2023, Western Digital experienced a data breach when an unauthorized third party accessed their systems. The breach affected a database containing customer information. The company took steps to secure their systems and launched an investigation. They have been working to restore services and are in communication with those affected.

How many accounts were compromised?

The data breach impacted over 2.5 million customer accounts.

What data was leaked?

The data exposed in the breach included customer names, billing and shipping addresses, email addresses, telephone numbers, hashed and salted passwords, and partial credit card numbers.

How was Western Digital hacked?

The unauthorized third party breached Western Digital's systems and gained access to a database containing personal information of online store customers. The hackers, identified as the ALPHV (aka BlackCat) ransomware group, allegedly obtained around 10 terabytes of data and demanded a minimum 8-figure ransom. Despite Western Digital's incident response efforts, the hackers continued to have access to the company's systems, as evidenced by published screenshots on their dark web portal.

Western Digital's solution

In response to the hack, Western Digital took several measures to secure its platform and prevent future incidents. This included implementing incident response efforts, initiating an investigation with the help of security industry experts, and disconnecting its systems and services from the public Internet. The majority of the impacted systems and services have been restored, and the company is committed to fully assessing and remedying the security incident. Western Digital will continue to implement additional precautionary measures to protect its business operations.

How do I know if I was affected?

Western Digital has been communicating directly with affected customers regarding the data breach. If you're a Western Digital customer and haven't received a notification, you may visit HaveIBeenPwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account, and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report any unauthorized transactions or changes to the respective service providers.

For more specific help and instructions related to Western Digital's data breach, please contact Western Digital Support directly.

Where can I go to learn more?

For more information on the Western Digital data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

Western Digital Data Breach: What & How It Happened?

Twingate Team

Jun 14, 2024

In March 2023, Western Digital experienced a data breach when an unauthorized third party accessed their systems. The breach affected a database containing customer information. The company took steps to secure their systems and launched an investigation. They have been working to restore services and are in communication with those affected.

How many accounts were compromised?

The data breach impacted over 2.5 million customer accounts.

What data was leaked?

The data exposed in the breach included customer names, billing and shipping addresses, email addresses, telephone numbers, hashed and salted passwords, and partial credit card numbers.

How was Western Digital hacked?

The unauthorized third party breached Western Digital's systems and gained access to a database containing personal information of online store customers. The hackers, identified as the ALPHV (aka BlackCat) ransomware group, allegedly obtained around 10 terabytes of data and demanded a minimum 8-figure ransom. Despite Western Digital's incident response efforts, the hackers continued to have access to the company's systems, as evidenced by published screenshots on their dark web portal.

Western Digital's solution

In response to the hack, Western Digital took several measures to secure its platform and prevent future incidents. This included implementing incident response efforts, initiating an investigation with the help of security industry experts, and disconnecting its systems and services from the public Internet. The majority of the impacted systems and services have been restored, and the company is committed to fully assessing and remedying the security incident. Western Digital will continue to implement additional precautionary measures to protect its business operations.

How do I know if I was affected?

Western Digital has been communicating directly with affected customers regarding the data breach. If you're a Western Digital customer and haven't received a notification, you may visit HaveIBeenPwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account, and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report any unauthorized transactions or changes to the respective service providers.

For more specific help and instructions related to Western Digital's data breach, please contact Western Digital Support directly.

Where can I go to learn more?

For more information on the Western Digital data breach, check out the following news articles: