Breach, Data Security, Threat Management

Data-storage firm Western Digital confirms cyberattack disrupted operations

Western Digital logo

Data-storage company Western Digital Corp. reported that it had experienced a network security incident in which an unauthorized third-party gained access to a number of the company’s systems.

In an April 3 statement, Western Digital said it identified the incident on March 26 and followed up with an investigation by an outside security and forensic experts.

Based on the investigation to date, Western Digital said it believed the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data.

Western Digital acknowledged that the incident caused disruption to its business operations. Customers of the company’s popular MyCloud network-attached service tweeted that the service was down over the weekend, something the company confirmed to its customers.

Although there was speculation in some press reports that this may have been a ransomware incident, there was no confirmation or any further statements from Western Digital as of late morning on April 3.

Joseph Carson, chief security scientist and Advisory CISO at Delinea, said the incident reminds us of what happens when attackers successfully gain unauthorized access to a victim's network. And when that company is a cloud-storage company that serves thousands of customers, Carson said the impact of this security incident escalates significantly with many consumers and businesses unable to access critical data remotely and receive a service outage notice. 

“Service providers are a leading target of malicious hackers, especially those that store potentially sensitive data,” Carson said. “This latest incident should be a critical reminder of the importance of securing privileged access and ensuring multiple layers of security controls are in place, including the principle of least privilege and multi-factor authentication.”

Craig Burland, chief information security officer at Inversion6, added while it’s too early to reasonably assess the damage, any breach with such widespread and public impact is serious. Burland said companies that use the WD services should proactively assess the value of the information stored in that cloud. 

“What’s most intriguing here is how WD has handled the incident,” said Burland. “Rather than waiting months to prove or disprove the breach with 100% certainty, they’re sharing what they know. Intelligent business leaders understand there’s a fog of war hanging over incidents. They don’t expect a full reading of all the facts within hours or days. It’s good to see WD embracing that. Assuming their transparency continues, this should be a lesson to other companies about how to communicate a potential breach.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.