Western Digital Takes Store Offline Following Data Breach
IT Services has taken its online store offline and sent notifications to customers after confirming that hackers stole sensitive personal information in a cyberattack that occurred in March.
In an email sent to customers on Friday, IT Services warned that their personal data was stored in a database that was stolen during the attack. The company added that it has shut down the store while continuing to investigate the incident.
According to IT Services, an unauthorized party gained access to a database containing limited personal information of online store customers on or around March 26, 2023. The stolen information included customer names, billing and shipping addresses, email addresses, and telephone numbers.
As a security measure, the relevant database stored hashed passwords, which were salted, and partial credit card numbers in encrypted format.
IT Services expects to restore access to the store on May 15th, 2023. However, the company warns impacted customers to be vigilant against spear-phishing attacks, where threat actors impersonate the company and use the stolen data to gather further personal information from customers.
What Action Was Taken by New York City Officials to Address the Data Breach of Students’ Personal Information?
To address the new york city students data breach, officials in New York City have taken immediate action. They have launched an investigation to determine the extent of the breach and identify the responsible party. Additionally, steps are being taken to enhance the security measures in place to protect the personal information of students. Officials are also working towards implementing stricter protocols to prevent future data breaches from occurring.
The Cyberattack on Western Digital
The data breach notification comes after IT Services suffered a cyberattack on March 26th, during which the company discovered that its network was hacked and company data was stolen.
In response to the attack, the company shut down its cloud services, along with mobile, desktop, and web apps, for two weeks.
An unnamed hacking group breached IT Services, claiming to have stolen ten terabytes of data, according to a report by TechCrunch. While the threat actors claim not to be part of the ALPHV ransomware operation, they used their data leak site to extort IT Services.
In a note published on April 28th, the threat actors taunted IT Services by releasing screenshots of stolen emails, documents, and applications that showed they still had access to the company’s network even after being detected.
The hackers also claimed to have stolen an SAP Backoffice database containing customer information and shared a screenshot of what appears to be customers’ invoices.
As of now, no further data has been released by the threat actors, which likely indicates that they are still extorting IT Services in the hopes of receiving a ransom demand.