[ad_1]
Hewlett Packard Enterprise (HPE) is notifying workers whose knowledge was stolen from the corporate’s Office 365 electronic mail setting by Russian state-sponsored hackers in a May 2023 cyberattack.
According to filings with Attorney General workplaces in New Hampshire and Massachusets, HPE began sending the breach notification letters final month to not less than 16 individuals who had their driver’s licenses, bank card numbers, and Social Security numbers stolen.
“HPE’s forensic investigation decided that sure people’ private info might have been topic to unauthorized entry,” the corporate says within the letters. “On January 29, 2025, HPE started offering discover of this occasion to impacted people, in accordance with relevant legislation.”
When requested to share the variety of workers affected by this knowledge breach, an HPE spokesperson mentioned it was “a restricted group of HPE workforce member mailboxes that had been accessed, and solely the data contained in these mailboxes was concerned.”
The group behind the assault, Cozy Bear (also referred to as Midnight Blizzard, APT29, and Nobelium), is believed to be a part of Russia’s Foreign Intelligence Service (SVR) and has additionally been linked to different high-profile breaches, together with the notorious 2020 SolarWinds provide chain assault.
The HPE breach incident was first disclosed in an SEC submitting on January 29, 2024, when the corporate mentioned it was notified on December 12 that suspected Russian hackers breached its cloud-based Office 365 electronic mail setting in May 2023 utilizing a compromised account.
“We decided that this nation-state actor accessed and exfiltrated knowledge starting in May 2023 from a small proportion of HPE mailboxes belonging to people in our cybersecurity, go-to-market, enterprise segments, and different features. We consider the nation-state actor is Midnight Blizzard, also referred to as Cozy Bear,” HPE informed BleeingComputer on the time.
“The accessed knowledge is restricted to info contained within the customers’ mailboxes. We proceed to research and can make acceptable notifications as required.”
Sharepoint server breached by the identical hackers
In the SEC submitting, HPE added that the Office 365 incident was seemingly associated to a different May 2023 breach, when menace actors accessed the corporate’s SharePoint server and stole recordsdata.
Days earlier than HPE’s disclosure, Microsoft additionally warned that Cozy Bear hackers stole knowledge from company electronic mail accounts and supply code repositories. They first breached Microsoft’s community in November 2024 in a password spray assault to entry a legacy non-production check tenant account.
HPE was beforehand breached in 2018 when Chinese malicious actors hacked into its community and used that entry to breach its prospects’ gadgets.
In 2021, it additionally disclosed that the info repos for its Aruba Central community monitoring platform had been compromised, permitting a menace actor to entry details about monitored gadgets and their areas.
More lately, in February 2024 and January 2025, the corporate began investigating different potential safety breaches after a menace actor utilizing the IntelBroker deal with claimed to have stolen HPE credentials, supply code, and different delicate info.