Digital storage giant Western Digital confirmed that an “unauthorized third party” gained access to its systems and stole personal information belonging to the company’s online store customers.
“This information included customer names, billing and shipping addresses, email addresses and telephone numbers,” the San Jose-based company said in a disclosure last week.
A subsequent report from TechCrunch last month revealed that the threat actors behind the attack were allegedly in possession of “around 10 terabytes of data” and were negotiating with Western Digital for a ransom of a “minimum 8 figures” to avoid leaking the information.
While the identity of the extortionists was unknown at the time, ALPHV (aka BlackCat) ransomware actors have since taken credit for the theft, issuing an ultimatum on April 18, 2023, to make the payment or risk the release of “important documents” and “priceless artifacts.”
Western Digital said it’s aware of the publication of “other alleged Western Digital information,” that it’s “investigating the validity of this data,” and that it has “control over our digital certificate infrastructure.” The company, however, did not specify how many customers were affected.
It has also taken the step of taking its online store offline, which it said is expected to be restored the week of May 15, 2023. Access to My Cloud service was restored on April 13, 2023.
Source: https://thehackernews.com/
