HPE starts contacting victims of 2023 Russian cyberattack

News
By
published

It is notifying those hit by May 2023 Midnight Blizzard incident

Closing the cybersecurity skills gap
(Image credit: Shutterstock)
  • HPE begins notifying those affected by the 2023 Midnight Blizzard attack
  • So far, at least a dozen people have received their breach notification letters
  • We don't know exactly how many people were affected

Hewlett Packard Enterprise (HPE) has started sending out breach notification letters to people who were affected by the 2023 data breach, with TechCrunch reporting the company has notified at least a dozen individuals so far, citing a review of breach notices filed with two US state attorney generals.

HPE reported Russian state-sponsored threat actors known as Midnight Blizzard breached its IT systems in 2023 and stole sensitive data from its employees’ email inboxes. In an 8-K submission filed with the US Securities and Exchange Commission (SEC) at the time, the company said the attack started in mid-May 2023, and that it spotted it on December 12.

The investigation uncovered that Midnight Blizzard (also known as Cozy Bear, or Nobelium) had access to “a small percentage” of HPE’s cloud-based email inboxes. Newer reports claim the crooks took Social Security numbers, driver’s license information, and credit card numbers, as well.

No material impact

HPE said the attackers used “a compromised account to access internal HPE email boxes in our Office 365 email environment.” Later, the company clarified the mailboxes belonged to HPE employees in cybersecurity, go-to-market, and business departments.

The exact number of compromised individuals is not known. The company told TechCrunch the data was “limited to information contained in the users’ mailboxes,” suggesting a relatively small number.

That being said, HPE doesn’t believe the attack will have a material impact on the company, or that it will disrupt its operations.

“Upon undertaking such actions, we determined that such activity did not materially impact the Company,” HPE said in the filing. “As of the date of this filing, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

More about security
Hacker silhouette working on a laptop with North Korean flag on the background

North Korean hackers are targeting LinkedIn jobseekers with new malware - here's how to stay safe
Outdoor photograph of a pair of hands holding a smartphone with navigator location points in the background

Millions of phone location records feared leaked as one of the biggest data leaks ever may be a whole lot worse
EVision Auto LED Display

This LED display can turn your Tesla’s front-end into a Ferrari, Rolls-Royce or Elon Musk's grinning face
See more latest