Hewlett Packard Enterprise (HPE) is notifying employees whose information was stolen from the company’s Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack.
According to filings with Attorney General offices in New Hampshire and Massachusetts, HPE began sending the breach notification letters last month to at least 16 people who had their driver’s licenses, credit card numbers, and Social Security numbers stolen.
“HPE’s forensic investigation determined that certain individuals’ personal information may have been subject to unauthorized access,” the company says in the letters. “On January 29, 2025, HPE began providing notice of this event to impacted individuals, in accordance with applicable law.”
When asked to share the number of employees affected by this data breach, an HPE spokesperson said it was “a limited group of HPE team member mailboxes that were accessed, and only the information contained in those mailboxes was involved.”
The group behind the attack, Cozy Bear (also known as Midnight Blizzard, APT29, and Nobelium), is believed to be part of Russia’s Foreign Intelligence Service (SVR) and has also been linked to other high-profile breaches, including the infamous 2020 SolarWinds supply chain attack.
The HPE breach was first disclosed in an SEC filing on January 29, 2024, when the company said it was notified on December 12 that suspected Russian hackers breached its cloud-based Office 365 email environment in May 2023 using a compromised account.
“We determined that this nation-state actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions. We believe the nation-state actor is Midnight Blizzard, also known as Cozy Bear,” HPE told BleepingComputer at the time.
“The accessed data is limited to information contained in the users’ mailboxes. We continue to investigate and will make appropriate notifications as required.”
SharePoint server breached by the same hackers
In the SEC filing, HPE added that the Office 365 incident was likely related to another May 2023 breach, when threat actors accessed the company’s SharePoint server and stole files.
Days before HPE’s disclosure, Microsoft also warned that Cozy Bear hackers stole data from corporate email accounts and source code repositories. They first breached Microsoft’s network in November 2024 in a password spray attack to access a legacy non-production test tenant account.
HPE was previously breached in 2018 when Chinese malicious actors hacked into its network and used that access to breach its customers’ devices.
In 2021, it also disclosed that the data repositories for its Aruba Central network monitoring platform had been compromised, allowing a threat actor to access information about monitored devices and their locations.
More recently, in February 2024 and January 2025, the company started investigating other potential security breaches after a threat actor using the IntelBroker handle claimed to have stolen HPE credentials, source code, and other sensitive information.