Hewlett Packard Enterprise (HPE) has officially begun notifying individuals impacted by a 2023 cyberattack, confirming that sensitive personal data was compromised by state-sponsored Russian hackers. The breach, which targeted internal email systems and SharePoint files, resulted in the theft of highly personal information.
Data Breach Scope and Stolen Information
Recent filings with U.S. state attorneys general reveal that the stolen data includes Social Security numbers, driver’s license information, and credit card details. According to official documentation submitted to the state of Massachusetts, at least a dozen individuals have been contacted thus far, though the total number of victims remains undisclosed by the company.
Anatomy of the Intrusion
The unauthorized access began in May 2023 and targeted HPE’s mailboxes and SharePoint systems hosted by Microsoft. HPE publicly disclosed the incident in January 2024, admitting that threat actors used a compromised account to infiltrate its Office 365 environment. The exfiltrated data primarily affected employees within HPE’s cybersecurity, go-to-market, and business divisions, alongside a limited number of customers whose information was contained within those specific mailboxes.
Attribution to Midnight Blizzard
HPE has formally attributed the attack to “Midnight Blizzard,” a threat group widely recognized by security researchers as being affiliated with the SVR, Russia’s foreign intelligence service. Also identified as APT29 or “Cozy Bear,” the collective is notorious for large-scale espionage operations, most notably the 2019 SolarWinds campaign against the U.S. federal government.
Broader Security Context
The incident is part of a wider campaign by Midnight Blizzard, which also successfully compromised Microsoft’s corporate network during the same period. Microsoft reported that the attackers specifically targeted senior executives and cybersecurity staff, likely attempting to gain intelligence on how the company tracks and analyzes the group’s cyber operations.
