Western Digital is today dealing with a “network security incident” after detecting a break-in into its internal systems by an unauthorized third party.
The manufacturer said it is taking steps to secure its business operations, with the result that some of customer-facing services have been affected.
In terse statement on Monday confirming it had identified the breach, the drive-maker said: “In connection with the ongoing incident, an unauthorized third party gained access to a number of the company’s systems.”
On discovering the digital break-in, WD “implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts… and Western Digital is coordinating with law enforcement authorities.”
The investigation is said to be in its early stages. “Based on the investigation to date, the company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data.”
The Register asked WD for further details, including if any of the data accessed was sensitive information such as customer data. However, it may be limited in what it can disclose if law enforcement authorities are investigating.
Western Digital said it has also been implementing “proactive measures” to secure its business operations, and this has included taking some of its systems and services offline.
“As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services. Based on the investigation to date, the company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data,” the statement added.
Affected services may include those that underpin some of WD’s customer-facing products. At the time of writing, the status panel for My Cloud services was showing them to be offline, with an update dated April 2 saying that “Western Digital is currently experiencing a service outage impacting the following products: My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, SanDisk Ixpand Wireless Charger.”
We asked WD to confirm if the security incident was related to these services being unavailable, but the company has yet to respond.
- 3CX decided supply chain attack indicator was a false positive after VirusTotal tests
- Ferrari in a spin as crims steal a car-load of customer data
- Cancer patient sues hospital after ransomware gang leaks her nude medical photos
- News Corp outfoxed by IT intruders for years
Meanwhile, the company’s customers have taken to social media to complain about services being offline, with one user saying on Twitter that it was preventing him from accessing data on his own storage devices.
“The login service for WD My Cloud Home is unavailable. Thank you @westerndigital for not letting me access my data that I have in the living room.”
Another expressed similar grievances, saying: “Of course I worked all day yesterday on a project that is due tomorrow, to find I can’t access it and have to do it again before 8am. This is the last WD device I will ever buy.”
Western Digital said in its statement that is actively working to restore impacted infrastructure and services, but that the incident has caused and may continue to cause disruption to parts of the company’s business operations, and said it will “provide updates as appropriate.”
The company reported revenue for its second quarter of fiscal year 2023 of $3.11 billion at the end of January, but still saw a net loss of $446 million, compared to a profit of $546 million a year ago and $27 million last quarter. ®