Western Digital discloses cyberattack.
N2K, Apr 4, 2023

Some customer-facing services are unavailable.

California-based data storage provider Western Digital has disclosed a breach in which an unauthorized third party gained access to its systems, the Register reports.

Western Digital is working with law enforcement to investigate.

Computing reports that the company has shut down its My Cloud consumer cloud and backup service while it investigates the incident. The company hasn’t disclosed the nature of the attack, and the investigation is still in its early stages. Western Digital said in a statement:

“On March 26, 2023, Western Digital identified a network security incident involving Western Digital’s systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the Company’s systems.

“Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts. This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities.

“The Company is implementing proactive measures to secure its business operations including taking systems and services offline and will continue taking additional steps as appropriate. As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services. Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data.

“While Western Digital is focused on remediating this security incident, it has caused and may continue to cause disruption to parts of the Company’s business operations.”

Industry comment on the Western Digital incident.

Tom Kellermann, SVP of cyber strategy at Contrast Security, commented:

“This is a significant supply chain attack which could have a systemic impact on e-commerce. If this attack was performed by a rogue nation state, the national security implications could linger for months.”

Raj Joshi, Senior Vice President for Moody’s Investors Service, offered the following observations: 

“Western Digital Corporation’s cybersecurity breach in which an unauthorized third party gained access to the company’s systems is credit negative. The company is still investigating the incident and has taken systems and services offline. The cybersecurity incident could interrupt the company’s operations while its credit profile is under pressure amid a deep industry downturn. The incidents of information security breaches at MKS Instruments, T-Mobile and Uber Technologies in recent months highlight the vulnerability of the technology and telecom industries to cybersecurity risks and raise questions about cyber governance practices amid growing risks of cyberattacks.”

Erich Kron, Security Awareness Advocate at KnowBe4, commented:  

“This is a lesson that even large and tech-related organizations can be victims of cybercrime, including potentially ransomware. Data exfiltration has become a key part of ransomware attacks as the bad actors try to find information that can be used as leverage when demanding a ransom, or may be able to acquire intellectual property or other sensitive information that can be resold on the dark web to add to their profits. Western Digital has done a good job of quickly addressing the issue and openly confirming the potential incident. While oftentimes this early in an investigation not all of the information is known, it’s refreshing to see them take a transparent approach to the situation.

“Because ransomware continues to grow and continues to be a major threat for organizations of all sizes, organizations should have a plan to deal with these sorts of attacks. Due to the exfiltration of data, having a focus on preventative controls as well as recovery is an absolute requirement. A large percentage of these sorts of attacks are due to human error, so while technical controls such as network segmentation and data loss prevention are important, organizations also need to ensure that employees are trained and educated on spotting email phishing attacks as well as other social engineering ploys.”