
Hewlett Packard Enterprise (HPE) has revealed a significant data breach of its Office 365 email environment, attributed to the Russian state-sponsored hacking group Midnight Blizzard (also known as Cozy Bear or APT29).
The company has begun notifying affected employees about the unauthorized access that was first detected in December 2023.
According to HPE's disclosure, the breach began in May 2023 when attackers gained access to several email accounts within the company's cybersecurity, marketing, and business teams.
The hackers successfully exfiltrated sensitive personal information, including Social Security numbers, driver's license details, and employee credit card numbers. Additionally, some files from HPE's SharePoint server were compromised during the incident.
HPE has implemented a comprehensive set of security measures in response to the breach. The company has rotated passwords and security tokens, enhanced its monitoring capabilities, and strengthened access controls for privileged accounts.
HPE began notifying affected individuals on January 29, 2025, and is offering complimentary credit monitoring and identity theft protection services through Equifax Complete Premier.
The company's forensic investigation, conducted with external cybersecurity experts, revealed that the breach was part of a larger campaign by Midnight Blizzard, a group linked to Russia's Foreign Intelligence Service (SVR).
The same group has previously been implicated in other high-profile cyberattacks, including the SolarWinds espionage campaign and a recent breach of Microsoft's corporate network.
In a legal notice filed with the New Hampshire Attorney General's office, HPE's legal representative, Amber Thomson of Mayer Brown LLP, confirmed that at least six New Hampshire residents were affected by the breach. The company emphasized that the incident had been contained and remediated, with law enforcement authorities notified of the attack.
This is not the first time HPE has faced cyberattacks. In past years, the company dealt with breaches involving Chinese threat actors and vulnerabilities in its Aruba Central network monitoring platform.