Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Data Breaches

Western Digital Confirms Ransomware Group Stole Customer Information

Western Digital has confirmed that a ransomware group has stolen customer and other information from its systems.

Western Digital confirmed on Friday that cybercriminals have stolen customer and other information after breaching its systems. 

According to the digital storage giant, a security breach was discovered on March 26. In early April, the company shut down some services as part of its incident response activities and informed customers about a cyberattack, but has not shared any updates until May 5. 

Western Digital’s second public statement comes just days after a ransomware group known as Alphv/BlackCat started publishing screenshots showing the extent of their access. The screenshots appear to show video calls, emails and internal documents discussing the cyberattack, as well as internal tools, invoices, and confidential communications.

The hackers have threatened to make public — unless WD pays up — customer personal information, firmware, code signing certificates, and intellectual property. 

In the statement issued on Friday, WD confirmed that the hackers accessed a database associated with its online store that contained customers’ personal information, including name, billing and shipping address, phone number, email address, hashed and salted password, and partial credit card number.

The impacted online store is expected to be restored in the week of May 15. The My Cloud service, which was also shut down following the hack, was restored in mid-April. 

The company said it’s still investigating the validity of the other data made public by the ransomware group. However, it did provide some clarifications regarding digital certificates.

Advertisement. Scroll to continue reading.

“Regarding reports of the potential to fraudulently use digital signing technology allegedly attributed to Western Digital in consumer products, we can confirm that we have control over our digital certificate infrastructure. In the event we need to take precautionary measures to protect customers, we are equipped to revoke certificates as needed,” the company said.

In a separate incident that involved digital certificates, a different ransomware group hacked computer manufacturer MSI and recently leaked what appeared to be firmware image signing keys and Intel BootGuard keys associated with several major vendors.

Firmware security company Binarly has analyzed the leaked keys and warned of potentially severe consequences. 

“The signing keys for firmware images allow an attacker to craft malicious firmware updates and it can be delivered through a normal BIOS update process with MSI update tools,” Binarly CEO Alex Matrosov told SecurityWeek. “The Intel BootGuard keys leak impacts the whole ecosystem (not only MSI) and makes this security feature useless.” 

“I think for MSI it will be a complicated situation since to deliver new signing keys they still need to use leaked ones. I don’t believe they do have any revocation mechanisms except just replacing the leaked one with the new key,” Matrosov added. “Regarding Intel BootGuard keys, it’s more complicated because it’s a hardware-based security feature. The Intel BootGuard is not documented. I can only hope Intel has the revocation procedure otherwise the leaked keys will stay forever on impacted devices.”

Related: Payments Giant NCR Hit by Ransomware

Related: Capita Confirms Data Breach After Ransomware Group Offers to Sell Stolen Information

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.