Western Digital has declared that its My Cloud online service has been compromised by a group of hackers late last month: "On March 26, 2023, Western Digital identified a network security incident involving Western Digital's systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the Company's systems. Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts. This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities."

The statement, issued on April 4, continues: "The Company is implementing proactive measures to secure its business operations including taking systems and services offline and will continue taking additional steps as appropriate. As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services. Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data. While Western Digital is focused on remediating this security incident, it has caused and may continue to cause disruption to parts of the Company's business operations."According to a news feature, published by TechCrunch, its author has been in contact with the perpetrator(s) responsible for the online attack. The group claims that it has stolen around 10 terabytes of data from the company, and a significant chunk of this information is comprised of customer information. A ransom request in the region of "a minimum 8 figures" has been dangled in front of Western Digital - the hackers are demanding a significant chunk of change in exchange for the return of stolen data. WD is facing the threat of its (previously private/secure) cloud customer base's information being published across the internet, but their first port of call will be on the website operated by ransomware crew Alphv (aka BlackCat). The hackers deny having any direct links to Alphv/BlackCat, but do acknowledge that they are appreciated for being "professional" within the online crime sector.TechCrunch was granted access to a small sample of evidence courtesy of their contact within the hacking organization - including active customer phone numbers and a file that had been digitally authenticated with Western Digital's code-signing certificate. The hackers have boasted that they have also smashed through enough security measures in order to reach internal Western Digital staff systems - including corporate emails, e-commerce material and back-end interfaces.

The hackers are plainly motivated by the potential of making a lot of money from the attack - part of their statement (directed at WD) reads: "We only need a one-time payment, and then we will leave your network and let you know about your weaknesses. No lasting harm has been done. But if there are any efforts to interfere with us, our systems, or anything else. We will strike back. We are still buried in your network and we will keep digging there until we find a payment from you. We can completely conceal this and make it all disappear. Before it is too late, let us do that. Until now, you have been gracious; let's hope that you do not keep going the wrong way. Cut the crap, get the money, and let's both go our separate ways. Simply put, let us put our egos aside and work to find a resolution to this chaotic scenario."

Western Digital has yet to publish any official statement regarding potential interactions or negotiation proceedings occurring between it and the ransom holders.