Hewlett Packard Enterprise has begun notifying individuals whose personal information was stolen during a 2023 cyberattack, which the company blamed on Russian government hackers.
HPE has so far notified more than a dozen individuals whose data was stolen in the cyberattack, according to TechCrunch’s review of breach notices filed with at least two U.S. state attorneys general.
The breached data included Social Security numbers, driver’s license information, and credit card numbers, per a filing with the state of Massachusetts.
The breach relates to an intrusion beginning May 2023 into HPE’s email mailboxes and SharePoint systems referring to Microsoft SharePoint software that allows companies to build intranet portals, both of which were hosted by Microsoft. HPE publicly disclosed the incident in January 2024, confirming that the hackers exfiltrated the contents of a “small number” of its email mailboxes and some SharePoint files.
HPE said the hackers used “a compromised account to access internal HPE email boxes in our Office 365 email environment.” HPE later told regulators that the stolen mailbox data predominantly belonged to individuals in HPE’s cybersecurity, go-to-market, and business teams.
When reached by TechCrunch, HPE spokesperson Adam R. Bauer declined to disclose the total number of individuals affected by the breach, but said the accessed data was “limited to information contained in the users’ mailboxes,” including some HPE employees and a small number of customers whose information was contained in the emails.
HPE’s spokesperson reiterated its attribution of the hack to a group dubbed Midnight Blizzard, which security researchers say is linked to Russia’s foreign intelligence service, known as the SVR. Midnight Blizzard (also known as APT29 and Cozy Bear) has been linked to a number of high-profile attacks, including the 2019 SolarWinds espionage campaign targeting the federal government.
Microsoft also confirmed in January 2024 that its corporate network was compromised by Midnight Blizzard. Microsoft said that the Russian hackers targeted the email accounts of corporate executives, as well as senior staff working in cybersecurity, which Microsoft said was likely in an effort to learn what the company knows about the hackers themselves.
Updated with comment from HPE.
