Western Digital Confirms Customer Data Stolen in Ransomware AttackWestern Digital Confirms Customer Data Stolen in Ransomware Attack
Company refutes BlackCat claims, saying it still controls digital signature infrastructure.
May 8, 2023
Since its April 2 disclosure of a ransomware attack, Western Digital has conducted an investigation, which concluded a customer database was stolen that included the personal information of its online customers.
The stolen data set includes the names, physical and email addresses, phone numbers, encrypted and salted passwords, and partial credit card numbers, an update on the ransomware incident from Western Digital said.
Ransomware group BlackCat has been public about its eight-figure ransomware demands to decrypt and return Western Digital's data, even trolling the cyber-incident response team by posting stolen images of their video conference meetings.
Additionally, Western Digital refutes BlackCat's claims to have control of the computer drive manufacturer's code-signing certificate.
"Regarding reports of the potential to fraudulently use digital signing technology allegedly attributed to Western Digital in consumer products, we can confirm that we have control over our digital certificate infrastructure," the company said. "In the event we need to take precautionary measures to protect customers, we are equipped to revoke certificates as needed."
Western Digital added it will continue to investigate data released by BlackCat purported to have been stolen from its systems.
"We are aware that other alleged Western Digital information has been made public," the company added. "We are investigating the validity of this data and will continue reporting our findings as appropriate."
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Quantifying the Gap Between Perceived Security and Comprehensive MITRE ATT&CK Coverage
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
2021 Gartner Market Guide for Managed Detection and Response Report