Cyber Incident Victim: Western Digital
Date:
Mar 2023
Location:
United States of America
Summary
Western Digital disclosed a network breach involving unauthorized access to company systems, triggering an investigation with external security experts and law enforcement. The intrusion disrupted operations, particularly impacting My Cloud services with extended unavailability affecting customer access to hosted data across multiple product lines, while the company implemented additional security measures amid concerns over potential data exposure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 26, 2023, Western Digital detected unauthorized access to its network systems, prompting an immediate investigation coordinated with external security and forensic experts. The company disclosed the breach publicly on April 3, confirming that an intruder had compromised multiple corporate systems and potentially accessed undisclosed company data. Law enforcement was engaged shortly after discovery, though the investigation remained in preliminary stages at the time of disclosure. Western Digital activated incident response protocols to contain the breach, implementing additional security measures that temporarily disrupted business operations. Service impacts were acknowledged as ongoing and potentially persistent, with the company stating these measures were necessary to safeguard infrastructure. No specifics regarding the intrusion method, duration of unauthorized access prior to detection, or precise scope of compromised data were disclosed in the initial announcement.
The breach triggered a widespread outage of Western Digital’s My Cloud service suite, affecting My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, and SanDisk Ixpand Wireless Charger products. Users reported sustained inability to access cloud-hosted data repositories beginning March 26, encountering persistent “503 Service Temporarily Unavailable” errors during login attempts. Authentication systems, cloud storage access, email notifications, and push notifications remained nonfunctional for over 24 hours post-outage. Western Digital acknowledged the service disruption’s connection to breach remediation efforts but provided no restoration timeline, stating only that updates were forthcoming. The incident impaired critical remote access capabilities for personal and business data storage customers globally, though data exfiltration or encryption by threat actors remained unconfirmed in available disclosures. Operational disruptions extended beyond customer-facing services, impacting undisclosed internal business functions within the organization.