Company refutes BlackCat claims, saying it still controls digital signature infrastructure.
Since its April 2 disclosure of a ransomware attack, Western Digital has conducted an investigation, which concluded a customer database was stolen that included the personal information of its online customers.
The stolen data set includes the names, physical and email addresses, phone numbers, encrypted and salted passwords, and partial credit card numbers, an update on the ransomware incident from Western Digital said.
Ransomware group BlackCat has been public about its eight-figure ransomware demands to decrypt and return Western Digital's data, even trolling the cyber-incident response team by posting stolen images of their video conference meetings.
Additionally, Western Digital refutes BlackCat's claims to have control of the computer drive manufacturer's code-signing certificate.
"Regarding reports of the potential to fraudulently use digital signing technology allegedly attributed to Western Digital in consumer products, we can confirm that we have control over our digital certificate infrastructure," the company said. "In the event we need to take precautionary measures to protect customers, we are equipped to revoke certificates as needed."
Western Digital added it will continue to investigate data released by BlackCat purported to have been stolen from its systems.
"We are aware that other alleged Western Digital information has been made public," the company added. "We are investigating the validity of this data and will continue reporting our findings as appropriate."
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024