HPE Employees' Data Stolen In Midnight Blizzard Attack

Midnight Blizzard was the group behind the massive SolarWinds attack.

Edward Gately, Senior News Editor

February 10, 2025


A small number of HPE employees’ data were stolen in an attack by Russian nation-state hacking group Midnight Blizzard, also known as Cozy Bear.

Midnight Blizzard is also the group behind the massive SolarWinds attack. According to Bleeping Computer, citing attorney general office filings in New Hampshire and Massachusetts, HPE sent breach notification letters last month to at least 16 HPE employees who had their driver's licenses, credit card and Social Security numbers stolen.

“HPE’s forensic investigation determined that certain individuals’ personal information may have been subject to unauthorized access,” HPE said in its notification in New Hampshire. “With the assistance of e-discovery specialists, HPE conducted a thorough review of the data at issue to identify the types of information that may have been subject to unauthorized access and determine to whom this information relates.”

HPE Employee Data Accessed, Exfiltrated

HPE sent us the following statement:

“On Dec. 12, 2023, HPE was notified that a suspected nation-state actor had gained unauthorized access to the company’s Office 365 email environment. HPE immediately activated cyber response protocols to begin an investigation, remediate the incident and eradicate the activity. Through that investigation, we determined that this nation-state actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE employee mailboxes. The accessed data is limited to information contained in the users’ mailboxes, and we have notified impacted parties as appropriate.”


HPE attributes the attack to Midnight Blizzard.

We first reported on this attack in January 2024. At that time, HPE believed the threat actor accessed and exfiltrated data from HPE mailboxes belonging to individuals in its cybersecurity, go-to-market and business segments, and other functions.

Before HPE, Midnight Blizzard targeted Microsoft, compromising a small number of email accounts, including those belonging to senior staff.


About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
