Posted on April 4, 2023 at 5:01 PM
Western Digital reports a hacking attack as hackers to exfiltrate data from its systems
Western Digital, one of the largest data storage companies, has reported a hacking attack. The data storage firm said that hackers exfiltrated data from its systems after a network security incident happened last week. The hacking attack in question happened on March 26.
Western Digital confirms hacking exploit
Western Digital released a statement early this week said that a threat actor had gained unauthorized access to several internal systems. The company noted that the breach occurred on March 26, but it has not disclosed the nature of this incident. The company’s report also failed to mention how the hacker gained access to its systems.
However, going by the statement, it appears as if the exploit might have been a ransomware campaign. The company added that the investigations that it had conducted so far on the matter showed that the threat actor accessed some data from its systems, adding that the firm was working towards understanding more about this attack.
“On March 26, 2023, Western Digital identified a network security incident involving Western Digital’s systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the company’s systems. Upon discovery of the incident, the company implemented incident response efforts and initiated an investigation with the assistance of the leading outside security and forensic experts,” the company said.
The threat actor behind the hacking attack has yet to be identified. Moreover, there is no information showing that a major ransomware group had claimed responsibility for the campaign. Nevertheless, the company said that the investigations were still in their early stages and that it was in contact with law enforcement authorities.
The company has said that it is taking proactive measures to ensure that its business operations are not affected by hacking attacks in the future. The company noted that some of the measures that it had taken included taking its systems and services offline. The company said that it would continue taking additional measures as needed to protect itself against such attacks.
Western Digital noted that part of the remediation efforts that the firm had taken included working on the restoration of the infrastructure and services that were affected because of the breach. It added that the investigations that had been conducted so far revealed that the hacker who gained unauthorized access stole certain data from its network, but the nature and scope of the exploit were still undetermined.
The company’s operations disrupted
The storage company also added that the incident had affected the company’s normal operations, adding that it could continue disrupting the business operations. The company has not shared more details, but the Western Digital service status website shows that the breach had taken its My Cloud network-attached storage (NAS) service offline. This service allows clients to access files using the internet.
This outage has affected the majority of My Cloud (WD’s NAS brand) users because they can no longer access the data in their personal NAS. Most users of the Company’s My Cloud services have aired their concerns on Twitter, urging the company to devise a schedule that they will use to restore their services.
The Western Digital service status page shows that all the services of the company are offline. The services that have been affected include cloud, email, and account authentication. Western Digital shut down services to limit the reach of the attacker and ensure that its data and that of its users were safe if the hacker had not already compromised it.
Users are also complaining of the lack of timely updates from the company regarding the attack and when the matter would be resolved. The users affected the most are those who need their WD NAS to access their work files.
While this breach appears to have far-reaching effects, it is not the first time that the company has been affected by a major cybersecurity incident. The company had reported another exploit a few years back. At the time, the majority of WD My Book Live users found that their NAS had been resent remotely, which deleted all their data.
One of the measures customers can take to protect their data includes setting up their NAS to a work-only model within the local network. However, this will only work if the workflow supports the model. Additionally, users can also back up their data on platforms that can operate entirely offline.