Western Digital Corp. today provided an update on a network security incident involving the Company's systems.
On March 26, 2023, we identified a network security incident where an unauthorized third party gained access to a number of the Company's systems. On April 2, 2023, we disclosed that upon discovery of this incident, we implemented incident response efforts and initiated an investigation with the assistance of leading security industry experts. This investigation is underway and includes analysis to understand the nature and scope of data obtained by the unauthorized party.
As a precautionary measure to secure our business operations, the Company proactively disconnected our systems and services from the public Internet. We are progressing through our restoration process and the majority of our impacted systems and services are now operational. Our factories are and have been operational throughout this incident and we are shipping products to meet our customers' needs. While initially impacted by our proactive measures, as of April 13, 2023, My Cloud service was restored. Account access to Western Digital's online store also was impacted and is expected to be restored the week of May 15, 2023.
In collaboration with outside forensic experts, we confirmed that an unauthorized party obtained a copy of a Western Digital database used for our online store that contained some personal information of our online store customers. This information included customer names, billing and shipping addresses, email addresses and telephone numbers. In addition, the database contained, in encrypted format, hashed and salted passwords and partial credit card numbers. We will communicate directly with impacted customers.
We are aware that other alleged Western Digital information has been made public. We are investigating the validity of this data and will continue reporting our findings as appropriate.
Regarding reports of the potential to fraudulently use digital signing technology allegedly attributed to Western Digital in consumer products, we can confirm that we have control over our digital certificate infrastructure. In the event we need to take precautionary measures to protect customers, we are equipped to revoke certificates as needed. We'd like to remind consumers to always use caution when downloading applications from non-reputable sources on the Internet.
Forward-Looking Statements
This press release contains forward-looking statements within the meaning of the federal securities laws, including statements regarding the network security incident, our related responsive actions and communications, the restoration of our systems and services and our ability to implement additional precautionary measures. The forward-looking statements contained in this press release are based on management's current expectations and are subject to risks and uncertainties that could cause actual results to differ materially from those expressed or implied in the forward-looking statements, including: additional information regarding the extent of the network security incident that we may uncover during our ongoing investigation, our ability to fully assess and remedy the security incident, and the possibility of additional disruption to our Company's business operations caused by the security incident. Additional risks and uncertainties that may cause actual results to differ materially include the risks and uncertainties listed in the Company's filings with the Securities and Exchange Commission (the "SEC"), including the Company's Form 10-K filed with the SEC on August 25, 2022, to which your attention is directed. You should not place undue reliance on these forward-looking statements, which speak only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements to reflect new information or events, except as required by law.
View at TechPowerUp Main Site | Source
On March 26, 2023, we identified a network security incident where an unauthorized third party gained access to a number of the Company's systems. On April 2, 2023, we disclosed that upon discovery of this incident, we implemented incident response efforts and initiated an investigation with the assistance of leading security industry experts. This investigation is underway and includes analysis to understand the nature and scope of data obtained by the unauthorized party.
As a precautionary measure to secure our business operations, the Company proactively disconnected our systems and services from the public Internet. We are progressing through our restoration process and the majority of our impacted systems and services are now operational. Our factories are and have been operational throughout this incident and we are shipping products to meet our customers' needs. While initially impacted by our proactive measures, as of April 13, 2023, My Cloud service was restored. Account access to Western Digital's online store also was impacted and is expected to be restored the week of May 15, 2023.
In collaboration with outside forensic experts, we confirmed that an unauthorized party obtained a copy of a Western Digital database used for our online store that contained some personal information of our online store customers. This information included customer names, billing and shipping addresses, email addresses and telephone numbers. In addition, the database contained, in encrypted format, hashed and salted passwords and partial credit card numbers. We will communicate directly with impacted customers.
We are aware that other alleged Western Digital information has been made public. We are investigating the validity of this data and will continue reporting our findings as appropriate.
Regarding reports of the potential to fraudulently use digital signing technology allegedly attributed to Western Digital in consumer products, we can confirm that we have control over our digital certificate infrastructure. In the event we need to take precautionary measures to protect customers, we are equipped to revoke certificates as needed. We'd like to remind consumers to always use caution when downloading applications from non-reputable sources on the Internet.
Forward-Looking Statements
This press release contains forward-looking statements within the meaning of the federal securities laws, including statements regarding the network security incident, our related responsive actions and communications, the restoration of our systems and services and our ability to implement additional precautionary measures. The forward-looking statements contained in this press release are based on management's current expectations and are subject to risks and uncertainties that could cause actual results to differ materially from those expressed or implied in the forward-looking statements, including: additional information regarding the extent of the network security incident that we may uncover during our ongoing investigation, our ability to fully assess and remedy the security incident, and the possibility of additional disruption to our Company's business operations caused by the security incident. Additional risks and uncertainties that may cause actual results to differ materially include the risks and uncertainties listed in the Company's filings with the Securities and Exchange Commission (the "SEC"), including the Company's Form 10-K filed with the SEC on August 25, 2022, to which your attention is directed. You should not place undue reliance on these forward-looking statements, which speak only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements to reflect new information or events, except as required by law.
View at TechPowerUp Main Site | Source
