Update on the Western Digital Breach

Based on an influx of e-mails which reached the inbox this weekend, it appears that Western Digital has identified the scope of data that was exfiltrated during their recent security event. Lawrence Abrams over at bleeping computer has the specific details regarding the pilfered data. While the approach taken by Western Digital has been better than past security events experienced with Anthem, T-Mobile, and Audi, this unfortunate event has been glossed over in their earnings report presentation. There’s no mention in their press releases or presentation regarding lost sales due to having to shut their online store and customer-facing services down for an extended period of time. While their disclosure and notification processes were responsible (and potentially redundant depending on how many drives one purchased), the absence of commitment to improving the security posture for interfaces which generate revenue or enhance brand loyalty is suboptimal at best.