Digital storage company Western Digital has confirmed that an unauthorized third party accessed its systems and stole personal information from its online store customers. The stolen data includes customer names, addresses, email addresses, telephone numbers, encrypted passwords, and partial credit card numbers. The incident occurred a month after Western Digital experienced a network security breach, prompting the company to temporarily shut down its cloud services. The threat actors responsible for the attack, allegedly the ALPHV (aka BlackCat) ransomware group, have demanded a ransom of a minimum of eight figures to prevent the release of additional sensitive information. Screenshots of video calls, emails, and documents related to Western Digital’s incident response efforts have been published on the dark web, indicating ongoing access to the compromised systems. The company is investigating the validity of the data and has taken measures such as taking its online store offline. The restoration of the online store is expected in the week of May 15, 2023, while access to the My Cloud service has been restored. The exact number of affected customers has not been disclosed.
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.
Source: The Hacker News