Saturday, May 6th 2023

Western Digital Provides Update on Network Security Incident

Western Digital Corp. today provided an update on a network security incident involving the Company's systems.

On March 26, 2023, we identified a network security incident where an unauthorized third party gained access to a number of the Company's systems. On April 2, 2023, we disclosed that upon discovery of this incident, we implemented incident response efforts and initiated an investigation with the assistance of leading security industry experts. This investigation is underway and includes analysis to understand the nature and scope of data obtained by the unauthorized party.

As a precautionary measure to secure our business operations, the Company proactively disconnected our systems and services from the public Internet. We are progressing through our restoration process and the majority of our impacted systems and services are now operational. Our factories are and have been operational throughout this incident and we are shipping products to meet our customers' needs. While initially impacted by our proactive measures, as of April 13, 2023, My Cloud service was restored. Account access to Western Digital's online store also was impacted and is expected to be restored the week of May 15, 2023.
In collaboration with outside forensic experts, we confirmed that an unauthorized party obtained a copy of a Western Digital database used for our online store that contained some personal information of our online store customers. This information included customer names, billing and shipping addresses, email addresses and telephone numbers. In addition, the database contained, in encrypted format, hashed and salted passwords and partial credit card numbers. We will communicate directly with impacted customers.

We are aware that other alleged Western Digital information has been made public. We are investigating the validity of this data and will continue reporting our findings as appropriate.

Regarding reports of the potential to fraudulently use digital signing technology allegedly attributed to Western Digital in consumer products, we can confirm that we have control over our digital certificate infrastructure. In the event we need to take precautionary measures to protect customers, we are equipped to revoke certificates as needed. We'd like to remind consumers to always use caution when downloading applications from non-reputable sources on the Internet.

Forward-Looking Statements
This press release contains forward-looking statements within the meaning of the federal securities laws, including statements regarding the network security incident, our related responsive actions and communications, the restoration of our systems and services and our ability to implement additional precautionary measures. The forward-looking statements contained in this press release are based on management's current expectations and are subject to risks and uncertainties that could cause actual results to differ materially from those expressed or implied in the forward-looking statements, including: additional information regarding the extent of the network security incident that we may uncover during our ongoing investigation, our ability to fully assess and remedy the security incident, and the possibility of additional disruption to our Company's business operations caused by the security incident. Additional risks and uncertainties that may cause actual results to differ materially include the risks and uncertainties listed in the Company's filings with the Securities and Exchange Commission (the "SEC"), including the Company's Form 10-K filed with the SEC on August 25, 2022, to which your attention is directed. You should not place undue reliance on these forward-looking statements, which speak only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements to reflect new information or events, except as required by law.
Source: Western Digital
Add your own comment

5 Comments on Western Digital Provides Update on Network Security Incident

#1
Dragokar
And what took them so long to send out an official statement and account locking?
Posted on Reply
#2
Shihab
DragokarAnd what took them so long to send out an official statement and account locking?
They had to find someone who actually has a clue what information security is to explain what had happened to them....
Posted on Reply
#3
Solaris17
Super Dainty Moderator
ShihabThey had to find someone who actually has a clue what information security is to explain what had happened to them....
These large companies that only see IT as a cost center are starting to pay the price for it.
Posted on Reply
#4
HisDivineOrder
I keep seeing these leaks happen and I have to wonder why they can't just hash every field instead of just passwords and credit information. I get the distinct impression that if there were laws that made them accountable in a liability way for these leaks that may not be a big deal to them, but are a huge deal to those whose information they gave away... well, liability would make them hash everything out of an abundance of caution.
Posted on Reply
#5
lexluthermiester
Solaris17These large companies that only see IT as a cost center are starting to pay the price for it.
Every company needs to treat it's IT's dept as an asset not an expense.
Posted on Reply
Nov 18th, 2024 03:19 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts