HPE alerts affected staff after Midnight Blizzard breach

Hewlett Packard Enterprise (HPE) is notifying staff whose personal data was accessed by Russian state-sponsored hackers back in May 2023.

According to filings with the attorney general offices in New Hampshire and Massachusetts, the company has written to at least 16 people, notifying them that their driver's licenses, credit card numbers, and Social Security numbers may have been stolen in the attack.

"HPE’s forensic investigation determined that certain individuals’ personal information may have been subject to unauthorized access. With the assistance of e-discovery specialists, HPE conducted a thorough review of the data at issue to identify the types of information that may have been subject to unauthorized access and determine to whom this information relates," the filing reads.

"On January 29, 2025, HPE began providing notice of this event to impacted individuals, in accordance with applicable law."

Since the attack, HPE said it has taken a series of remediation actions, such as strengthening network security by rotating passwords, tokens and keys, expanding its monitoring and logging measures, and adding extra controls and requirements for privileged account logins.

The firm has also expanded internal communication on security measures.

In the wake of the incident, HPE is offering affected staff free memberships for Equifax Complete Premier, which provides information on changes to victims’ credit reports, as well as WebScan notifications when financial details are found on fraudulent trading platforms.

The package also includes identity restoration services and up to $1,000,000 of identity theft insurance coverage for out of pocket expenses.

"In addition to enrolling in credit monitoring, we recommend that you remain vigilant against incidents of identity theft and fraud by reviewing your account statements and monitoring your free credit reports for suspicious activity and to detect errors,” the firm said.

What happened in the HPE attack?

The HPE breach was first disclosed in January 2024 after Microsoft issued a warning that the Midnight Blizzard hacking group had breached its Office 365 email environment.

The attackers targeted several email accounts within HPE’s cybersecurity, marketing, and business teams, using a compromised account to gain access to email mailboxes and steal sensitive data.

Midnight Blizzard is believed to have ties to Russia's Foreign Intelligence Service (SVR), and are best-known for the infamous SolarWinds attack in 2019, which impacted several US governmental bodies, including the department of commerce and the treasury.

HPE has also said it believed that the hack was related to another attack in May 2023, in which Midnight Blizzard gained unauthorized access to several SharePoint files on the HPE system.

However, the firm said this attack had not materially impacted the company.

ITPro has approached HPE for comment.

MORE FROM ITPRO

• 2024 was a record year for commercial cyber attacks
• LinkedIn has become a prime hunting ground for cyber criminals
• How Russian hackers launched their latest attack using Microsoft Teams