HPE confirms Russian hackers stole sensitive employee data in May 2023 breach, impacting driver’s licenses, SSNs, and credit card numbers.

Continue reading
Hewlett Packard Enterprise (HPE) has confirmed that Russian state-sponsored hackers have stolen sensitive employee data in a devastating cyberattack. The breach, which targeted the company’s Office 365 email environment, transpired in May 2023 and only recently came to light in official filings and breach notification letters sent to affected individuals.
The hacking group responsible, Cozy Bear (also known as APT29, Midnight Blizzard, and Nobelium), is believed to be linked to Russia’s Foreign Intelligence Service (SVR). This notorious group has previously been involved in high-profile breaches, including the infamous SolarWinds supply chain attack in 2020.
The breach is a part of a broader campaign by Cozy Bear, which targeted not just HPE's email environment, but also its SharePoint server in the same timeframe, further compromising confidential data across multiple systems.
According to breach notification letters sent to affected employees, personal data such as driver’s licenses, credit card numbers, and Social Security numbers were stolen. At least 16 employees were notified of the breach, though the full extent of the breach remains unclear. HPE spokespersons confirmed that it was "a limited group of HPE team member mailboxes that were accessed," and stressed that only the data contained in these mailboxes was impacted.
The breach was first disclosed publicly in an SEC filing dated January 29, 2024, where Hewlett Packard Enterprise revealed that it was notified on December 12, 2023, that the Cozy Bear hackers had compromised its cloud-based Office 365 email environment in May 2023. The hackers exploited a compromised account, gaining access to email inboxes of select employees in cybersecurity, go-to-market, and other critical business sectors.
HPE’s official statement confirmed that the hackers began exfiltrating data in May 2023 and continued until the discovery of the breach. The company stated that the accessed data was limited to information contained in the mailboxes of the affected employees.
In the SEC filing, HPE indicated that this breach may have been linked to a second breach in May 2023, where hackers also targeted the company’s SharePoint server and stole files. This came on the heels of Microsoft’s January 2024 announcement that Cozy Bear hackers had infiltrated their network, accessing both corporate email accounts and source code repositories.
This isn’t the first time that Hewlett Packard Enterprise has been targeted by cybercriminals. In 2018, Chinese state-sponsored hackers breached HPE’s network, leading to compromises of its customer devices. HPE also reported a significant breach in 2021 when data repositories for its Aruba Central network monitoring platform were hacked, exposing sensitive information about monitored devices and their locations.
Additionally, in February 2024 and January 2025, HPE launched investigations into potential new security breaches after an actor using the IntelBroker handle claimed responsibility for stealing HPE credentials, source code, and other proprietary information.
Hewlett Packard Enterprise began notifying employees whose personal data had been stolen starting in January 2025, following legal requirements to inform affected individuals. The breach notification letters state that the stolen data was "subject to unauthorized access," which HPE is continuing to investigate.
In a statement, HPE assured that it was taking steps to strengthen its cybersecurity measures to prevent further attacks. They also emphasized that this breach is being addressed with full compliance to applicable law.
HPE has long been an attractive target for hackers due to its role in providing enterprise-grade IT solutions across sectors. This breach has raised questions about the strength of the company’s internal security measures and its ability to safeguard employee data. The breach also underscores the growing risk of cyberattacks targeting state-sponsored groups who possess advanced tools and techniques to infiltrate even the most secure environments.
In response, HPE is actively working on bolstering its security framework, with a focus on enhanced encryption, better endpoint protection, and tighter control over third-party access to corporate resources.
The HPE breach serves as a stark reminder of the increasing sophistication of cyberattacks targeting major corporations. With nation-state actors involved, the risks are far more severe than conventional attacks. The breach highlights the need for all enterprises to continuously update their cybersecurity strategies and adopt advanced threat detection systems.
What can we learn from this breach? The importance of multi-layered security, immediate incident response, and employee data protection cannot be overstated. In the face of evolving threats, companies like HPE must remain vigilant, and more importantly, transparent, in their efforts to protect sensitive data.
This attack should be a wake-up call for all organizations: cybersecurity is no longer optional, it’s a necessity.
#HPEBreach #CozyBear #APT29 #CyberSecurity #DataBreach #RussianHackers #HewlettPackard #TechSecurity #Office365Breach #DataProtection #SecurityAwareness

A third-party software flaw inside one of Japan's largest telcos exposed login credentials for up to 14.2 million email accounts across six ISPs. The passwords? Some were hashed. Some may not have been