10TB of Data Stolen From Western Digital in Cyberattack

Data storage giant Western Digital has been hacked by cybercriminals who claim to have stolen around 10 terabytes of data, including customer information. The hackers are demanding a ransom of a minimum of eight figures from Western Digital in exchange for not publishing the stolen data.

On April 3rd, Western Digital reported that on March 26th, it had "identified a network security incident involving Western Digital's systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the company's systems." The company did not provide much detail regarding the nature and scope of the stolen data at the time or how the hackers accessed the company's network.

The cybercriminals behind the attack contacted TechCrunch, who verified their claims. One of the hackers shared a file digitally signed with Western Digital's code-signing certificate, indicating that they could now digitally sign files to impersonate Western Digital. The hackers also shared private phone numbers allegedly belonging to several Western Digital executives.

TechCrunch called these numbers, and while several went to automated voicemail boxes, two had custom voicemail greetings that mentioned the names of the executives associated with the numbers.

The hackers shared screenshots showing a folder from a Box account allegedly belonging to Western Digital, an internal email, files stored in a PrivateArk instance (a cybersecurity product), and a screenshot of a group call where one participant was identified as Western Digital's chief information security officer. The hackers also claimed that they were able to steal data from the company's SAP Backoffice, a back-end interface for managing e-commerce data.

The hackers warned Western Digital stating, "We are still buried in your network, and we will keep digging there until we find a payment from you."

TechCrunch said that the hacker who spoke to them said their goal when they hacked Western Digital was to make money. The hackers have demanded a one-time payment from the company and have sent several executives emails regarding the ransom to their personal email addresses (as the corporate email system is down).

Western Digital declined to comment or answer questions about the hacker's claims, whether the company could confirm if the data stolen included customer data, and whether the company had made contact with the hackers.

If Western Digital fails to comply with the demands, the hackers have asserted that they are ready to publish the stolen data on the website of the ransomware gang Alphv.