Hewlett-Packard informs employees of data breach

Hewlett-Packard Enterprise (HPE) has notified employees whose data was stolen during a cyberattack that took place in December 2023.

According to filings with Attorney General offices in New Hampshire and Massachusets, HPE has sent data breach notifications last month to at least 16 employees.

According to the letter, a nation-state actor succeeded in gaining access to the company’s cloud-based Office 365 email environment. “With assistance from external cybersecurity experts, HPE immediately responded to investigate, contain, and remediate the incident, eradicating the activity,” the notification states.

Forensic researchers found out that personal information was exfiltrated during the unauthorized access, including full names, social security numbers, copies of driver’s licenses, and credit/debit card numbers.

“In response to this incident, we have taken steps to contain and remediate the incident. Additionally, we have notified law enforcement. Moreover, we took additional remediation actions, such as strengthening network security by rotating passwords, tokens and keys, expanding monitoring and logging measures, additional controls and requirements for privileged account logins, and expanding internal communication around security measures,” HPE says in its data breach notification.

The company is warning affected employees to be cautious as their personal information can be used by criminals for identity theft and other fraudulent activities.

According to BleepingComputer, the incident was first disclosed in an 8-K Filing on January 29, 2024. HPE stated that the office email environment was accessed in May 2023 using a compromised account.

The group responsible for the attack is called Cozy Bear, but is also known as Midnight Blizzard, APT29 and Nobelium. Cybersecurity experts believe the operation is linked to Russia’s foreign intelligence service SVR and has conducted several high-profile attacks, including the SolarWinds supply chain attack back in 2020.

This isn’t the first time HPE has to deal with hackers. Last month, the company launched an investigation into a potential data breach after a well-known hacker claimed that he had stolen sensitive corporate information that HPE doesn’t want to appear in the public domain, including source code from private GitHub repositories, as well as access keys to several HPE services, including APIs and platforms like WePay, GitHub and GitLab.