Western Digital Says Hackers Stole Data in Network Security Breach (techcrunch.com) 7
Data storage giant Western Digital has confirmed that hackers exfiltrated data from its systems during a "network security incident" last week. From a report: The California-based company said in a statement on Monday that an unauthorized third party gained access to "a number" of its internal systems on March 26. Western Digital hasn't confirmed the nature of the incident or revealed how it was compromised, but its statement suggests the incident may be linked to ransomware. [...] Western Digital notes that the incident "has caused and may continue to cause disruption" to the company's business operations.
Thinking small (Score:3)
If these guys got actual data off of Western Digital, then they've done what most of even us older tech guys can't do.
Go for the brass ring and undercut their data recovery service!
I'm just playing WD, you know I love you :D
Coincidence? No way to know yet ... (Score:1)
Very interested in hearing more about what got compromised - by complete coincidence, of course, I have a brand new WD Red+ that smartctl says has servo failures during the self-tests. I wasn't able to register it or query the warranty status, both of which require a serial number lookup that was erroring out - the customer service interface and its associated data would be a tempting target for a hacker.
How can an employee cover his/her tail (Score:3, Interesting)
To avoid this scenario, I set edge to be the default browser, totally locked down and never used. So if any hack launches the default browser, it is not going to get much.
I use chrome for company emails, links, teams and tfs, use firefox for personal surfing. I never go to any other site. Just three or four, yahoo stock ticker, slashdot, nytimes and wa po. Rarely python manuals for syntax. I never install anything other than what's in the approved software list, that too only by clicking their official link.
But I am still worried. Top honchos send emails that check marks every marker for a phish according to their own training. Urgency, apparently from the top, link to external domain, .... Call them, they say, "we appreciate you being concerned, but this mail is ok".
They don't seem to get this mail is not the problem, it is making it very habitual for people to click on links if seems to be coming from the top and with lots urgency market. I gave up. I have gone on the record many times, we should never send live links. If I see a live link, it must be a phish.
What more can one do to cover one's a**