
Hewlett Packard Enterprise (HPE) has begun notifying employees affected by a data breach involving its Office 365 email system, which was compromised by Russian state-sponsored hackers in May 2023.
As reported in filings with the Attorney General offices in New Hampshire and Massachusetts, HPE began sending breach notification letters last month. Sensitive information belonging to at least 16 individuals, such as driver's licenses, credit card numbers, and Social Security numbers, was stolen.
The company stated that a forensic investigation revealed unauthorized access to certain personal data. Notifications to those impacted began on January 29, 2025, in compliance with relevant laws.
Details of the Breach
HPE clarified that the breach affected a limited number of employee mailboxes, with only the data within those mailboxes being compromised. The attackers, known as Cozy Bear or Midnight Blizzard, are linked to Russia's Foreign Intelligence Service (SVR) and have been associated with other significant breaches, including the 2020 SolarWinds attack.
The breach was first disclosed in an SEC filing on January 29, 2024. HPE was informed on December 12 that suspected Russian hackers had infiltrated its cloud-based Office 365 email system in May 2023 using a compromised account.
Additional Breaches
HPE also noted that the Office 365 breach might be connected to another incident in May 2023, where hackers accessed the company's SharePoint server and extracted files.
Prior to HPE's announcement, Microsoft had warned that Cozy Bear hackers had stolen data from corporate email accounts and source code repositories. The initial breach of Microsoft's network occurred in November 2024 through a password spray attack.
Historical Context
HPE has faced previous security challenges. In 2018, Chinese hackers infiltrated its network, subsequently compromising customer devices. In 2021, HPE disclosed a breach of its Aruba Central network monitoring platform, which exposed information about monitored devices and their locations.
More recently, in February 2024 and January 2025, HPE began investigating other potential breaches after a threat actor using the IntelBroker alias claimed to have accessed HPE credentials, source code, and other sensitive data.