HPE Data Breach: Victims Notified After Russian Government Hack

HPE Data Breach Affects Individuals
Hewlett Packard Enterprise (HPE) has initiated notifications to individuals impacted by a 2023 cyberattack. The company attributes this security incident to the actions of hackers affiliated with the Russian government.
Details of the Notification Process
According to a review of breach notifications submitted to state attorneys general in the U.S., HPE has, to date, informed over a dozen individuals regarding the compromise of their personal data.
Types of Data Compromised
The data exposed in the breach encompassed sensitive information such as Social Security numbers, driver’s license details, and credit card numbers. This information was detailed in a filing with the state of Massachusetts.
The Nature of the Intrusion
The security breach stemmed from an intrusion that began in May 2023, targeting HPE’s email mailboxes and Microsoft SharePoint systems. SharePoint is a software solution used by companies to create internal network portals.
HPE made a public announcement regarding the incident in January 2024, confirming that the attackers successfully extracted data from a limited number of email mailboxes and certain SharePoint files.
Access Method and Affected Teams
HPE stated that the hackers gained access through a compromised account within their Office 365 email environment. The stolen data primarily originated from individuals within HPE’s cybersecurity, go-to-market, and business teams.
Scope of the Breach
While HPE spokesperson Adam R. Bauer declined to specify the total number of affected individuals when contacted by TechCrunch, he clarified that the accessed data was confined to the contents of user mailboxes.
This included information pertaining to some HPE employees and a limited number of customers whose data was present within those emails.
Attribution to Midnight Blizzard
HPE has consistently attributed the attack to a hacking group known as Midnight Blizzard. Security researchers have linked this group to Russia’s foreign intelligence service, the SVR.
Midnight Blizzard, also known as APT29 and Cozy Bear, has been implicated in several significant attacks, including the 2019 SolarWinds espionage campaign, which targeted the U.S. federal government.
Microsoft's Parallel Compromise
In January 2024, Microsoft also acknowledged a compromise of its corporate network by Midnight Blizzard. The hackers specifically targeted the email accounts of corporate executives and senior cybersecurity personnel.
Microsoft believes this targeting was likely an attempt to gather intelligence regarding the company’s knowledge of the hacking group’s activities.
This article has been updated to include a statement from HPE.