Hewlett Packard Enterprise (NYSE: HPE) has started notifying individuals affected by a data breach caused by a cyberattack in 2023. The company confirmed that the bad actors had accessed internal email mailboxes and SharePoint systems of HPE and then stole personal data, including Social Security numbers and driver’s license information.
HPE blamed the breach on Midnight Blizzard, the Russian state-sponsored hacking group also known as APT29 or Cozy Bear.
Because the breach remained undetected until early 2024, it especially impacted HPE’s cybersecurity, business, and go-to-market teams. While HPE has not released an exact number of people affected, data breach notification letters have started going out to some of those whose sensitive information may have been disclosed. The incident also aligns with a series of larger-scale cyber-espionage operations, including a separate breach of Microsoft’s corporate network.
Why It Matters: This breach is part of an ongoing campaign of nation-state-sponsored cyberattacks against big tech companies. Sensitive personal and corporate data has been exposed, raising the risk of espionage, identity theft, and other security vulnerabilities. It also draws attention to the risk facing cloud-based enterprise solutions, even those maintained by giant tech companies like Microsoft.
- Sensitive Data Exposed: The stolen information includes names, Social Security numbers, driver’s license details, and possibly credit card numbers, putting affected individuals at risk of identity theft and fraud. Attackers may exploit this data for financial gain, blackmail, or further cyberattacks. Businesses connected to HPE should assess whether any of their proprietary information was also compromised.
- Russian Hackers Implicated: HPE has attributed the breach to Midnight Blizzard, a cyber-espionage group linked to Russia’s SVR intelligence agency. Midnight Blizzard is known for its involvement in high-profile cyberattacks, including the 2019 SolarWinds breach, which targeted U.S. federal agencies. Their tactics often involve infiltrating cloud-based enterprise systems to access sensitive government and corporate data.
- Microsoft’s Systems Also Targeted: Midnight Blizzard has also been linked to a separate attack on Microsoft’s corporate network. The hackers reportedly focused on email accounts belonging to executives and senior cybersecurity personnel, likely to gather intelligence on how Microsoft tracks and mitigates their activities. This suggests that the breach of HPE could have been part of a larger coordinated effort targeting multiple tech giants.
- Breach Notification Issued to Affected Individuals: HPE has begun notifying those impacted by the breach, but the total number of affected individuals remains undisclosed. Those receiving notifications should take immediate steps to safeguard their identity, including credit monitoring, changing passwords, and remaining vigilant for phishing attempts that could exploit stolen information.
- Enterprise Security Risks Highlighted: The breach demonstrates the risks of storing sensitive data in cloud-based environments, even those managed by well-established providers like Microsoft. It highlights the growing trend of cyber-espionage targeting enterprise IT infrastructure, reinforcing the need for stronger authentication measures, better network segmentation, and enhanced cybersecurity monitoring.
Go Deeper -> HPE begins notifying data breach victims after Russian government hack - TechCrunch
HPE begins notifying data breach victims after Russian government hack - BleepingComputer