Western Digital confirms breach, shuts down systems

NAS users unable to access data

Security researchers have speculated that the incident could be ransomware-related

Image:
Security researchers have speculated that the incident could be ransomware-related

US-based storage services provider Western Digital has shut down its My Cloud consumer cloud and backup service due to a systems hack.

On 26th March the company detected a security incident where it says an "unauthorised third party" was able to access several systems.

The investigation is still in its early stages, and Western Digital is working with law enforcement to manage the situation.

"Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts," Western Digital said.

The company says it has found evidence showing that the intruder obtained some of its data, although the extent of the leak is still being determined.

Western Digital is now taking steps to enhance its security protocols, including temporarily shutting down certain systems and services.

The firm is working to restore affected infrastructure and services now, but there could still be some disruption to business operations.

Since Sunday, a number of users of the My Cloud network-attached storage (NAS) service have reported issues accessing their cloud-hosted media repositories. Attempts to log in, including for the Home version, have resulted in a "503, service temporarily unavailable" error message.

The service outage has impacted a range of its products and services, including the following devices:

Western Digital is a major storage manufacturer, known for its Western Digital and SanDisk brands that produce spinning and solid-state hard drives, portable drives, USB drives and storage media for digital cameras.

Western Digital also produces the My Cloud family of personal NAS devices and multi-purpose servers.

At this time, there is no information available regarding the specifics of the unauthorised access to Western Digital's network and the theft of its data.

Brett Callow, a ransomware expert at security firm Emsisoft, speculated the firm may have been struck by ransomware.

If the incident is indeed a ransomware attack, data stored in My Cloud or the code required for customers to access it may have been compromised by the attacker(s).

This is not the first time that the company's My Cloud services have experienced issues.

Two major vulnerabilities of Western Digital's My Book Live series of products were found in 2021, which attackers could exploit to remotely wipe the hard drives within the NAS enclosures.