Product Security

We provide products and services that store and transfer data with the understanding that protecting data is critical to our users. We strive to innovate and enhance our products to provide increased privacy and security. Transparency of our privacy and security practices is essential to our commitment to users, and to that end, we have created this web page to provide timely information.


Report a Security Issue

To report a security issue you believe you have found in a Western Digital product or service, including issues which may affect the privacy of user data, please email the details of your findings to the PSIRT (Product Security Incident Response Team) at If possible, please include the following: 

  • the specific product(s) or service(s) affected, including any relevant version numbers;
  • details on the impact of the issue;
  • any information that can help reproduce or diagnose the issue, including a Proof of Concept (PoC) if available; and
  • whether you believe the vulnerability is already publicly disclosed or known to third parties.

Please use our PGP/GPG key to encrypt the information before sending it. The Western Digital PSIRT will respond to your email within 3 business days.

Once the report has been confirmed, Western Digital will work with you to coordinate disclosure. We typically request a disclosure timeframe of 90 days, consistent with industry norms. Western Digital will request the assignment of CVE IDs for confirmed issues.

Western Digital does not currently offer or participate in a bug bounty program.