Hewlett Packard Enterprise has begun notifying individuals whose personal information was stolen during a 2023 cyberattack, which the company blamed on Russian government hackers.
HPE has so far notified more than a dozen individuals whose data was stolen in the cyberattack, according to TechCrunch’s review of breach notices filed with at least two U.S. state attorneys general.
The breached data included Social Security numbers, driver’s license information and credit card numbers, per a filing with the state of Massachusetts.
HPE spokesperson Adam R. Bauer did not return requests for comment with questions about the breach.
The breach relates to an intrusion beginning in May 2023 into HPE’s email systems and SharePoint environments, both of which were hosted by Microsoft. SharePoint is Microsoft software that allows companies to build intranet portals. HPE publicly disclosed the incident in January 2024, confirming that the hackers exfiltrated the contents of a “small number” of its email mailboxes and some SharePoint files.
HPE said the hackers used “a compromised account to access internal HPE email boxes in our Office 365 email environment.” HPE later told regulators that the stolen mailbox data predominantly belonged to individuals in HPE’s cybersecurity, go-to-market, and business teams.
HPE attributed the hack to a group dubbed Midnight Blizzard, which security researchers say is linked to Russia’s foreign intelligence service, known as the SVR. Midnight Blizzard (also known as APT29) has been linked to a number of high-profile attacks, including the 2019 SolarWinds espionage campaign targeting the federal government.
Microsoft also confirmed in January 2024 that its corporate network was compromised by Midnight Blizzard. Microsoft said that the Russian hackers targeted the email accounts of corporate executives, as well as senior staff working in cybersecurity, which Microsoft said was likely in an effort to learn what the company knows about the hackers themselves.