• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Western Digital Provides Update on Network Security Incident

GFreeman

News Editor
Staff member
Joined
Mar 6, 2023
Messages
1,583 (2.41/day)
Western Digital Corp. today provided an update on a network security incident involving the Company's systems.

On March 26, 2023, we identified a network security incident where an unauthorized third party gained access to a number of the Company's systems. On April 2, 2023, we disclosed that upon discovery of this incident, we implemented incident response efforts and initiated an investigation with the assistance of leading security industry experts. This investigation is underway and includes analysis to understand the nature and scope of data obtained by the unauthorized party.

As a precautionary measure to secure our business operations, the Company proactively disconnected our systems and services from the public Internet. We are progressing through our restoration process and the majority of our impacted systems and services are now operational. Our factories are and have been operational throughout this incident and we are shipping products to meet our customers' needs. While initially impacted by our proactive measures, as of April 13, 2023, My Cloud service was restored. Account access to Western Digital's online store also was impacted and is expected to be restored the week of May 15, 2023.



In collaboration with outside forensic experts, we confirmed that an unauthorized party obtained a copy of a Western Digital database used for our online store that contained some personal information of our online store customers. This information included customer names, billing and shipping addresses, email addresses and telephone numbers. In addition, the database contained, in encrypted format, hashed and salted passwords and partial credit card numbers. We will communicate directly with impacted customers.

We are aware that other alleged Western Digital information has been made public. We are investigating the validity of this data and will continue reporting our findings as appropriate.

Regarding reports of the potential to fraudulently use digital signing technology allegedly attributed to Western Digital in consumer products, we can confirm that we have control over our digital certificate infrastructure. In the event we need to take precautionary measures to protect customers, we are equipped to revoke certificates as needed. We'd like to remind consumers to always use caution when downloading applications from non-reputable sources on the Internet.

Forward-Looking Statements
This press release contains forward-looking statements within the meaning of the federal securities laws, including statements regarding the network security incident, our related responsive actions and communications, the restoration of our systems and services and our ability to implement additional precautionary measures. The forward-looking statements contained in this press release are based on management's current expectations and are subject to risks and uncertainties that could cause actual results to differ materially from those expressed or implied in the forward-looking statements, including: additional information regarding the extent of the network security incident that we may uncover during our ongoing investigation, our ability to fully assess and remedy the security incident, and the possibility of additional disruption to our Company's business operations caused by the security incident. Additional risks and uncertainties that may cause actual results to differ materially include the risks and uncertainties listed in the Company's filings with the Securities and Exchange Commission (the "SEC"), including the Company's Form 10-K filed with the SEC on August 25, 2022, to which your attention is directed. You should not place undue reliance on these forward-looking statements, which speak only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements to reflect new information or events, except as required by law.

View at TechPowerUp Main Site | Source
 
Joined
Mar 1, 2021
Messages
496 (0.36/day)
Location
Germany
System Name Homebase
Processor Ryzen 5 5600
Motherboard Gigabyte Aorus X570S UD
Cooling Scythe Mugen 5 RGB
Memory 2*16 Kingston Fury DDR4-3600 double ranked
Video Card(s) AMD Radeon RX 6800 16 GB
Storage 1*512 WD Red SN700, 1*2TB Curcial P5, 1*2TB Sandisk Plus (TLC), 1*14TB Toshiba MG
Display(s) Philips E-line 275E1S
Case Fractal Design Torrent Compact
Power Supply Corsair RM850 2019
Mouse Sharkoon Sharkforce Pro
Keyboard Fujitsu KB955
And what took them so long to send out an official statement and account locking?
 
Joined
Jan 10, 2011
Messages
1,451 (0.28/day)
Location
[Formerly] Khartoum, Sudan.
System Name 192.168.1.1~192.168.1.100
Processor AMD Ryzen5 5600G.
Motherboard Gigabyte B550m DS3H.
Cooling AMD Wraith Stealth.
Memory 16GB Crucial DDR4.
Video Card(s) Gigabyte GTX 1080 OC (Underclocked, underpowered).
Storage Samsung 980 NVME 500GB && Assortment of SSDs.
Display(s) ViewSonic VA2406-MH 75Hz
Case Bitfenix Nova Midi
Audio Device(s) On-Board.
Power Supply SeaSonic CORE GM-650.
Mouse Logitech G300s
Keyboard Kingston HyperX Alloy FPS.
VR HMD A pair of OP spectacles.
Software Ubuntu 24.04 LTS.
Benchmark Scores Me no know English. What bench mean? Bench like one sit on?
And what took them so long to send out an official statement and account locking?
They had to find someone who actually has a clue what information security is to explain what had happened to them....
 

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
27,083 (3.83/day)
Location
Alabama
System Name RogueOne
Processor Xeon W9-3495x
Motherboard ASUS w790E Sage SE
Cooling SilverStone XE360-4677
Memory 128gb Gskill Zeta R5 DDR5 RDIMMs
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 2TB WD SN850X | 2x 8TB GAMMIX S70
Display(s) 49" Philips Evnia OLED (49M2C8900)
Case Thermaltake Core P3 Pro Snow
Audio Device(s) Moondrop S8's on schitt Gunnr
Power Supply Seasonic Prime TX-1600
Mouse Razer Viper mini signature edition (mercury white)
Keyboard Monsgeek M3 Lavender, Moondrop Luna lights
VR HMD Quest 3
Software Windows 11 Pro Workstation
Benchmark Scores I dont have time for that.
They had to find someone who actually has a clue what information security is to explain what had happened to them....
These large companies that only see IT as a cost center are starting to pay the price for it.
 
Joined
Aug 23, 2013
Messages
585 (0.14/day)
I keep seeing these leaks happen and I have to wonder why they can't just hash every field instead of just passwords and credit information. I get the distinct impression that if there were laws that made them accountable in a liability way for these leaks that may not be a big deal to them, but are a huge deal to those whose information they gave away... well, liability would make them hash everything out of an abundance of caution.
 
Top