Skip to main content

Western Digital comes clean about massive security breach

The popular PC storage manufacturer, Western Digital, has confirmed that it experienced a network security breach earlier this year, in which an unauthorized third party gained control of several of its systems.

The incident took place on March 26, 2023, but was immediately addressed by the manufacturer, with Western Digital reporting the breach bringing in top security experts to launch an investigation, which is currently ongoing, the company said in a statement.

Image used with permission by copyright holder

The bad actors in charge of the breach were able to get access to a copy of a database used to operate the Western Digital online store. Information from this database includes “personal customer information, such as names, billing and shipping addresses, email addresses, and telephone numbers,” as well as “Encrypted hashed and salted passwords and partial credit card numbers,” the company noted.

Recommended Videos

In collaboration with external forensic experts, the investigation aims to determine the brevity of the breach, and Western Digital said it plans to directly contact customers that have had their data compromised.

Please enable Javascript to view this content

The company also warns customers against using digital signing technology that could be fraudulent, noting that it has “control over its digital certificate infrastructure,” and is “equipped to revoke certificates as needed.” Western Digital also reminds its users to be mindful when downloading applications from unofficial sources on the internet.

The brand said its systems and services are now restored since the initial breach and product shipments have not been affected as per customer demand. Services that were shut down, include My Cloud, which was restored on April 13, 2023. Western Digital online store accounts are set to be restored during the week of May 15, 2023.

Western Digital also notes with the investigation being ongoing, that its forward-looking statements are not concrete, and updates that might come in the future might give different details than what the company is saying now.

Still, Western Digital has been much more open about its breach than many other companies traditionally. In October 2022, Microsoft servers suffered a breach that potentially affected over 65,000 entities across 111 countries and the company declined to comment. In August 2022, The Android-based payment system, Wiseasy, well-known in the Asia-Pacific region suffered a malware hack. Reports at the time said there was no information on whether Wiseasy had plans to directly tell its customers about the hack.

Fionna Agomuoh
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
Cash App breach impacts millions of U.S. customers
Cash App for mobile payments.

Block, formerly Square, has revealed a security breach impacting up to 8.2 million current and former users of Cash App, its mobile payment and investment service.

The San Francisco-based company said in a recent filing with the U.S. Securities and Exchange Commission that the breach was an inside job allegedly carried out by a former employee.

Read more
Robinhood reports data breach affecting 7 million customers
Robinhood app on a smartphone.

Online stock trading platform Robinhood has been hit by a data breach affecting about seven million of its customers, the company revealed on Monday, November 8.

The Menlo Park, California-based company said the “data security incident” took place on Wednesday, November 3, when an unauthorized third party “obtained access to a limited amount of personal information.”

Read more
Nvidia warns owners of its GPUs about a dangerous security vulnerability
Promotional photo of an Nvidia GeForce RTX 3090 graphics card.

Nvidia is warning GPU owners to update their graphics card drivers after the company discovered several high-level security vulnerabilities. ThreatPost reports that Nvidia found bugs in its virtual GPU software and the display driver that's required for the graphics card to function.

Nvidia has a table showing the drivers for its different product lines across Windows and Linux, but it doesn't really matter. It seems GeForce, Quadro, and Tesla drivers are vulnerable across Windows and Linux, so it's best to update your graphics driver regardless.

Read more