2 May 2023

BlackCat/ALPHV ransomware group taunts WD with leaked incident response image


A ransomware group that breached Western Digital’s systems and stole sensitive data in late March this year has leaked a series of screenshots of internal emails and video conferences indicating the threat actor had continued access to the company’s systems as it was dealing with the hack.

Cybersecurity researcher Dominic Alvieri spotted a total of 29 screenshots showing emails, documents, and video conferences related to the actions Western Digital took following the breach. Among the leaked images was a screen grab of an early morning video conference convened by WD’s incident response team to discuss a recent ransomware attack on the company.

The published screenshots also include what appear to be invoices, development tools, confidential communications, and various internal tools.

On April 3, Western Digital revealed that unidentified hackers gained access to some of its internal systems on March 26. However, no ransomware was deployed and no data was encrypted.

Shortly after the breach, the BlackCat/ALPHV ransomware gang claimed responsibility for the hack on its leak site, saying it had stolen 10TB of data from the company. The stolen data reportedly included files signed with Western Digital's stolen code-signing keys, unlisted corporate phone numbers, and data from the company's SAP Backoffice implementation.

On April 28, the threat actor warned WD that they would leak stolen files every week “until we loose interest.”

“Once that happens, we will put their intellectual property up for sale, including code signing certificates, firmware, personally identifiable information of customers, and more,” the group wrote.

Western Digital did not comment on the leaked images.
