Got this yesterday - little frustrating I can’t login to change password/delete my account though it’s a little late for that it seems now
Categories
13 Comments
sorted by
There is a page here - westerndigital.com/en-…orm - where you can request that they delete all your data.
I don't know if this is a good idea, but I did it earlier this morning, having received the same email, out of annoyance with Western Digital.
It did strike me later that it would probably make claiming any compensation later more problematic, but I'm not optimistic about that anyway.
It feels like these days if a company has a data breech they email out an apology, maybe improve their security a bit, and then carry on with minimal consequences.
I did think about complaining to the ICO, but I doubt it would change much.
Received this today. I will be using my virtual credit card more in the future. Thankfully the card I used with them expired months ago. Will change my password when able to.
Wait. Is the image displayed in opening post
• a screenshot of the raw text sent from WD,
or
• has WD provided the notification as a unique URL to an image hosted by WD that can only be viewed when permitting "display external images"?
If the latter:
opening a unique image from an email will provide WD (and its email service provider) with more personal information about the customer such as the recipient's email address still being active or not, plus IP, ISP, location, etc.,
whilst also preventing easy quoting of the text content / phrases.
Hilarious.The letter is done as an image.
I'm not sure if that image contains tracking information in it's URL.
But the email also contains a link to a 1x1 pixel image, which I would think almost certainly is for tracking.
Name, address, phone number, and email address doesn't sound limited to me. Affected customers should receive significant compensation for this but I doubt they will.
I am depending on some law firm filing a class action lawsuit in the US which will result in consumers getting paid peanuts after 3-4 years.
I too got a few of these - never thought to post it on here - good thinking OP!- Got the email. Looks like the breach was discovered in late March and the full extent understood over the next few weeks.
Maybe that's why my credit card reissued a new card/number 10 days later.
I use PayPal and Google Pay these days and this was one of my older accounts.
Got this today as well wasn't sure if it was fake
Yikes
Dear Customer,
We are writing to notify you about a network security incident involving your Western Digital online store account. After learning of the incident, we quickly launched an investigation to understand its nature and scope. We are working with leading outside forensic and security experts to assist with our investigation and are coordinating with law enforcement.
Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorized party obtained a copy of a Western Digital database that contained limited personal information of our online store customers. The information included customer names, billing and shipping addresses, email addresses, and telephone numbers. As a security measure, the relevant database stored, in encrypted format, hashed passwords (which were salted) and partial credit card numbers.
We have temporarily suspended online store account access and the ability to make online purchases. We expect to restore access the week of May 15, 2023.
As a precautionary measure, you can take the following steps to help protect your personal information from potential misuse:
We hope this information is useful to you. If you have any questions regarding this incident, please call 00800-27549338, Monday - Friday, 9AM- 6PM GMT.
We take the protection of your personal information very seriously and regret any inconvenience this may cause you.
Sincerely,
Eyal Bek
Vice President, E-commerce