"Western Digital tells customers that hackers stole their data", 8 May 2023

... a month after the company revealed it had been the victim of a data breach, Western Digital published an update on the incident and notified customers that their data was stolen.

In a press release, the company said that on March 26 it detected a “a network security incident” where hackers “gained access to a number of the Company’s systems.”

Western Digital wrote that working with “outside forensic experts” it confirmed that hackers “obtained a copy of a Western Digital database used for our online store that contained some personal information of our online store customers.”

The stolen data included “customer names, billing and shipping addresses, email addresses and telephone numbers,” as well as “passwords and partial credit card numbers” that were encrypted, hashed, and salted, a process that hides the original plaintext data and makes it significantly harder for hackers to actually see the real passwords and partial credit card numbers.

The company also notified customers who were victims’ of the hack.

The company also wrote that victims can take precautionary measures to protect themselves...

Western Digital spokespeople Charlie Smalling declined to comment when asked to specify how many customers were affected, referring back to the update published Friday.

... Western Digital revealed it had been the victim of a data breach, without detailing the extent of the breach or what data had been stolen. Days later, one of the hackers involved in the attack told TechCrunch that the stolen data amounted to 10 terabytes and included customer information.

At the time, the hackers were trying to extort the company promising not to publish the stolen data.

Apparently, Western Digital did not heed these pleas, because the hackers went on and published some of the stolen data...

It doesn’t appear the hackers have yet published the full trove of stolen data.