Western Digital Hit By Network Security Breach

Written by

Data storage device manufacturer Western Digital has disclosed information about a network security incident detected on March 26.

The company said the incident involved an unauthorized third party gaining access to several systems.

As a result of the breach, Western Digital brought many of its servers offline, with several consumers and businesses becoming unable to access their data remotely for some time.

“This is the latest reminder of what happens when attackers successfully gain unauthorized access to a victim’s network,” commented Joseph Carson, chief security scientist and Advisory CISO at Delinea.

“When that company is a cloud storage company who serves thousands of customers, the impact of this security incident escalates significantly with many consumers and businesses unable to access critical data remotely.”

Tom Kellermann, SVP of cyber strategy at Contrast Security, echoed Carson’s worries.

“This is a significant supply chain attack, which could have a systemic impact on e-commerce. If this attack was performed by a rogue nation state, the national security implications could linger for months,” Kellermann said.

At the same time, Erich Kron, security awareness advocate at KnowBe4, said that Western Digital had done an excellent job of quickly addressing the issue.

“While oftentimes this early in an investigation, not all of the information is known, it’s refreshing to see them take a transparent approach to the situation,” Kron added.

Still, the executive also said that since ransomware attacks continue to grow in size, organizations should have a plan to deal with network attacks that could lead to ransomware delivery.

Read more on ransomware here: 1000 Shipping Vessels Impacted by Ransomware Attack

“A large percentage of these sorts of attacks are due to human error, so while technical controls [...] are important, organizations also need to ensure that employees are trained and educated on spotting email phishing attacks as well as other social engineering ploys,” Kron added.

Western Digital said it was investigating the incident with law enforcement authorities and will provide additional updates as they become available.

What’s hot on Infosecurity Magazine?