Western Digital confirmed that hackers gained access to customer information after stealing a database used for its online store, the company said Friday in a filing with the Securities and Exchange Commission.
Western Digital discovered the theft after working with forensic experts to investigate an attack that took place in late March and was publicly disclosed April 2.
The stolen customer data includes names, billing and shipping addresses, email addresses, telephone numbers and encrypted data, including hashed and salted passwords, and partial credit card numbers.
Western Digital planned to directly notify customers, however some customers have already posted copies of email notifications over the weekend.
After initially disconnecting its systems and services from the public internet, Western Digital is making progress in recovering services. A majority of its operations are back up and running.
Western Digital factories have been operational throughout the process and the company is shipping products to meet its customers needs, the company said. Its My Cloud service was restored in mid-April, and the Western Digital online store is expected to be restored the week of May 15.
The company acknowledged that other alleged Western Digital information has been made public. Numerous reports say the ransomware group Alphv/BlackCat has taken credit for the incident and has been leaking files it claims belong to Western Digital. The group threatened to leak stolen data if Western Digital failed to pay an eight figure ransom demand, according to a TechCrunch report.
Western Digital did not publicly acknowledge the threat group’s claims, however it said it is investigating the validity of the data. Western Digital did confirm last month that it notified law enforcement.
A spokesperson for the FBI in mid-April confirmed that it was aware of the Western Digital incident, but said it would have no further comment as the incident was ongoing. A Moody’s analyst in early April called the attack potentially credit negative, as the company was already facing intense competitive and economic pressure, including reduced IT spending linked to the economy and pricing pressure.
Western Digital said it still has control over its digital certificate infrastructure, however said it has the ability to revoke certificates as needed.
The company, in the Friday disclosure, disclosed the digital certificate capability in response to reports of the potential to fraudulently use digital signing technology through its consumer products.