Breach Takes Systems Down Across Western Digital

On March 26, an unauthorized third party gained access to systems at Western Digital. SanDisk, WD, and WD_Black are among the data storage company’s brands. The breach resulted in disruption to its business operations, including its My Cloud service, Tech Crunch reports. As of April 6, My Cloud remains offline.

“As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services. Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data,” according to a statement the company released on April 3.

The full scope of the security incident has yet to be determined, but this breach sparks a lot of questions from Western Digital’s customers, as well as other enterprises. “WD is a pillar of digital life for both enterprises and consumers. It’s not exactly a low-profile company, a low-hanging fruit accessible to any wannabe hacker. If WD can be comprised, likely any other similar business could be targeted,” says Philippe Humeau, CEO and co-founder of cybersecurity solution CrowdSec.

Waiting for Updates

Western Digital has yet to release further details on the breach, aside from its initial statement. “Without communication and updates from Western Digital, especially a plan of action and timeline for restoring lost or altered data, customers may also lose trust in the organization and take their business elsewhere,” Kayla Williams, CISO of cloud-native security analytics platform Devo Technology, tells InformationWeek. “It’s important to remember that the negative consequences of data breaches aren’t always just technical, but they can do significant harm to a company’s reputation and relationship with its customers.”

In the meantime, the company’s customers are left with questions and the need to protect themselves. “My Cloud users are very worried about the future of what was stored by this service. Some main questions remain at that stage for clients: Are my data in the hands of cybercriminals? Will my data ever be accessible again, or are they forever lost? Should I continue using this cloud storage, or should I reconfigure my systems to use other tools?" Humeau points out.

Potential Consequences

Thus far, loss of service is the only confirmed consequence of this breach, according to Dan Mayer, threat researcher at cybersecurity company Stairwell. “While that could mean some more severe consequences like the deployment of ransomware (as the media has speculated), we don’t have enough of an understanding of what has taken place,” he says.

If the breach does involve ransomware, the consequences could have a ripple effect. “If this is a ransomware incident, Western Digital is at risk of losing sensitive proprietary data that could be used to inform further attacks internally or on secondary sites,” says Jim Broome, President and CTO of information security and managed services company DirectDefense. “They also face losing revenue by taking their services offline, and customers losing trust in them and choosing another service.”

Lessons to Be Learned

While Western Digital’s customers wait for more information, they can take action. “As a precautionary measure, all users should assume their accounts associated with Western Digital’s services may have been compromised, and therefore they should change their service account passwords immediately and enable MFA, if possible,” Broome suggests. He also recommends adding a layer of protection via encrypted storage or container encryption solutions.

The company’s customers also need to be thinking about how the disruption in Western Digital’s services impacts their operations. “If your data has been materially altered or is unretrievable, how will that impact your business or your customers’ businesses? Are there backups elsewhere?” Williams asks.

Williams also points out that companies that aren’t Western Digital customers could still be impacted by the breach if their employees use its services without company knowledge.

“Companies need to check their software inventories and, if possible, end-user device logging systems to ensure there were no unauthorized connections with Western Digital,” she says.

Western Digital is not the only data storage provider vulnerable to this kind of breach. For other data storage providers, this incident is an opportunity to rectify potential vulnerabilities. “For now, providers should start by assessing how well their various solutions are segmented from each other and from their corporation's main authentication source (for example, Active Directory in Western Digital’s case),” Broome explains.

While cybersecurity hygiene and solutions like managed detection and response can prevent cyberattacks, data storage providers must also be prepared for what happens if a breach does take place. “Communicate early and often and be as honest as you can be with legal and public-facing statements,” Williams urges. “Going radio-silent allows for excess speculation and worst-case-scenario thinking to ensue, which ultimately leads to more reputational damage than necessary.”

As the full story of the Western Digital breach unfolds, other enterprises will have more to learn. “As Western Digital carries out its investigation, the security community will have a better understanding of what happened and provide actionable takeaways for data storage companies,” says Mayer.

What to Read Next:

DC Health Link Breach Exposes Private Information of Lawmakers

GoDaddy Hit with Multiyear Breach

What's Next for T-Mobile After Yet Another Data Breach?