HPE notifies employees of data breach after Russian Office 365 hack


Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company’s Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack.

According to filings with Attorney General offices in New Hampshire and Massachusetts, HPE began sending the breach notification letters last month to at least 16 people who had their driver’s licenses, credit card numbers, and Social Security numbers stolen.

“HPE’s forensic investigation determined that certain individuals’ personal information may have been subject to unauthorized access,” the company says in the letters. “On January 29, 2025, HPE began providing notice of this event to impacted individuals, in accordance with applicable law.”

When asked to share the number of employees affected by this data breach, an HPE spokesperson said it was “a limited group of HPE team member mailboxes that were accessed, and only the information contained in those mailboxes was involved.”

The group behind the attack, Cozy Bear (also known as Midnight Blizzard, APT29, and Nobelium), is believed to be part of Russia’s Foreign Intelligence Service (SVR) and has also been linked to other high-profile breaches, including the infamous 2020 SolarWinds supply chain attack.

The HPE breach incident was first disclosed in an SEC filing on January 29, 2024, when the company said it was notified on December 12 that suspected Russian hackers breached its cloud-based Office 365 email environment in May 2023 using a compromised account.

“We determined that this nation-state actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions. We believe the nation-state actor is Midnight Blizzard, also known as Cozy Bear,” HPE told BleepingComputer at the time.

“The accessed data is limited to information contained in the users’ mailboxes. We continue to investigate and will make appropriate notifications as required.”

SharePoint server breached by the same hackers

In the SEC filing, HPE added that the Office 365 incident was likely related to another May 2023 breach, when threat actors accessed the company’s SharePoint server and stole files.

Days before HPE’s disclosure, Microsoft also warned that Cozy Bear hackers stole data from corporate email accounts and source code repositories. They first breached Microsoft’s network in November 2024 in a password spray attack to access a legacy non-production test tenant account.

HPE was previously breached in 2018 when Chinese malicious actors hacked into its network and used that access to breach its customers’ devices.

In 2021, it also disclosed that the data repos for its Aruba Central network monitoring platform had been compromised, allowing a threat actor to access information about monitored devices and their locations.

More recently, in February 2024 and January 2025, the company started investigating other potential security breaches after a threat actor using the IntelBroker handle claimed to have stolen HPE credentials, source code, and other sensitive information.
