Hewlett Packard Enterprise has begun notifying people whose private info was stolen throughout a 2023 cyberattack, which the corporate blamed on Russian authorities hackers.
HPE has to this point notified greater than a dozen people whose information was stolen within the cyberattack, in line with information.killnetswitch’s evaluate of breach notices filed with a minimum of two U.S. state attorneys basic.
The breached information included Social Safety numbers, driver’s license info and bank card numbers, per a submitting with the state of Massachusetts.
HPE spokesperson Adam R. Bauer didn’t return requests for remark with questions concerning the breach.
The breach pertains to an intrusion starting Might 2023 into HPE’s electronic mail methods and SharePoint environments, referring to Microsoft SharePoint software program that permits firms to construct intranet portals; each of which had been hosted by Microsoft. HPE publicly disclosed the incident in January 2024, confirming that the hackers exfiltrated the contents of a “small quantity” of its electronic mail mailboxes and a few SharePoint recordsdata.
HPE mentioned the hackers used “a compromised account to entry inside HPE electronic mail bins in our Workplace 365 electronic mail atmosphere.” HPE later informed regulators that the stolen mailbox information predominantly belonged to people in HPE’s cybersecurity, go-to-market, and enterprise groups.
HPE attributed the hack to a gaggle dubbed Midnight Blizzard, which security researchers say is linked to Russia’s overseas intelligence service, referred to as the SVR. Midnight Blizzard (also called APT29) has been linked to numerous high-profile assaults, together with the 2019 SolarWinds espionage marketing campaign focusing on the federal authorities
Microsoft additionally confirmed in January 2024 that its company community was compromised by Midnight Blizzard. Microsoft mentioned that the Russian hackers focused the e-mail accounts of company executives, in addition to senior workers working in cybersecurity, which Microsoft mentioned was possible in an effort to study what the corporate is aware of concerning the hackers themselves.
