Western Digital confirms hackers stole customer data in March breach

Western Digital confirms hackers stole customer data in March breach

Data storage giant Western Digital has confirmed that hackers stole a database containing customer information during a March cyberattack.

The stolen data included customer names, billing and shipping addresses, email addresses and telephone numbers as well as hashed and salted passwords and partial credit card numbers (in encrypted format).

“We are aware that other alleged Western Digital information has been made public. We are investigating the validity of this data and will continue reporting our findings as appropriate,” the company said in an update posted on its website.

“Regarding reports of the potential to fraudulently use digital signing technology allegedly attributed to Western Digital in consumer products, we can confirm that we have control over our digital certificate infrastructure. In the event we need to take precautionary measures to protect customers, we are equipped to revoke certificates as needed. We'd like to remind consumers to always use caution when downloading applications from non-reputable sources on the Internet,” WD added.

The security breach, which took place on March 26 2023, affected some of WD’s internal systems causing disruptions to some of the company’s services, including the My Cloud service.

Subsequent media reports revealed that the attackers behind the breach allegedly stole around 10 TB of data and were negotiating with Western Digital for a ransom of a “minimum 8 figures” to avoid leaking the information.

In late April, the ALPHV/BlackCat ransomware gang took credit for the breach and posted some of the data allegedly stolen from WD on its dark web data leak website. The group also leaked a series of screenshots showing emails, documents, and video conferences, related to the actions Western Digital took following the breach. Among the leaked images was a screen grab of an early morning video conference convened by WD’s incident response team to discuss a recent ransomware attack on the company.

The published screenshots also included what appear to be invoices, development tools, confidential communications, and various internal tools.

Back to the list

Latest Posts

UNC6148 threat actor actively targets outdated and patched SonicWall devices

UNC6148 threat actor actively targets outdated and patched SonicWall devices

The group is using stolen credentials and OTP seeds to regain access to devices even after security updates have been applied.
17 July 2025
Google patches Chrome zero-day allowing sandbox escape

Google patches Chrome zero-day allowing sandbox escape

The flaw stems from insufficient validation of untrusted input in ANGLE and GPU.
16 July 2025
Ukrainian police dismantle major server network used for malware distribution

Ukrainian police dismantle major server network used for malware distribution

Authorities identified a 33-year-old French national as the organizer of the illegal operation.
16 July 2025
Popular Posts
Featured vulnerabilities
Denial of service in Junos OS and Junos OS Evolved
Medium Patched | 18 Jul, 2025
Inconsistent interpretation of HTTP requests in aiohttp
Medium Patched | 18 Jul, 2025
Juniper CTPView update for OpenSSH
Medium Patched | 18 Jul, 2025
Remote denial of service in Junos OS and Junos OS Evolved rpd
Medium Patched | 18 Jul, 2025
Improper Check for Unusual or Exceptional Conditions in Juniper Junos OS
Medium Patched | 18 Jul, 2025