HPE Aruba Data Breach: Customer Data Compromised

November 15, 2021
HPE Confirms Data Breach Affecting Aruba Networks Customers

HPE has acknowledged a data security incident impacting a “limited subset” of its customer data. This breach occurred within Aruba Networks, a subsidiary specializing in networking equipment.

Unauthorized Access to Aruba Central Cloud

The technology firm stated that an unauthorized individual leveraged a private key to access customer data residing within its Aruba Central cloud environment. While the method of key acquisition remains undisclosed, it facilitated access to cloud servers across multiple regions storing customer information.

Background on Aruba Networks

HPE acquired Aruba Networks in 2015 for a sum of $3 billion. Aruba delivers networking solutions, including wireless access points and robust network security features for businesses.

The Aruba Central platform allows organizations to centrally monitor and manage their Wi-Fi networks.

Compromised Data Details

The compromised data originates from Wi-Fi information gathered through Aruba Central. HPE identified two specific data sets as being exposed.

  • One dataset contained network analytics, detailing devices connecting to a customer’s Wi-Fi network.
  • The second dataset comprised location data pertaining to devices on the network.

The exposed location data’s precision wasn’t specified, but HPE indicated it “could allow the general vicinity of a user’s location to be determined.”

Specific Data Elements Exposed

The data included device-specific details such as MAC and IP addresses, device hostname, and operating system. In certain instances, usernames associated with Wi-Fi network access were also included.

HPE clarified that usernames are customer-defined and may contain identifying information like a user’s name or email address.

Encryption and Potential Data Exfiltration

Although the data was both scrambled and encrypted, the compromised private key possessed the necessary permissions to utilize the decryption key. It remains uncertain whether the data was ultimately decrypted.

HPE believes that only a “very small amount, if any” data was actually removed from the system. However, the company does not maintain logs of individual file access, making it difficult to pinpoint specific affected customers or files.

Timeline of the Incident

The unauthorized key was first used on October 9th. However, HPE did not identify the intrusion until November 2nd.

Due to the company’s data purge policy, information is automatically removed from cloud servers every 30 days, limiting the scope of the breach to records dating back to September 10th.

Customer Notification

HPE has stated that it is in the process of notifying affected customers regarding this security incident.