Hewlett Packard Enterprise (HPE) is notifying employees whose personal data was stolen in a May 2023 cyberattack carried out by a Russian state-sponsored hacking group. The breach compromised HPE’s Office 365 email environment and exposed confidential information.
HPE began notifying affected individuals in January 2025, according to filings with the attorney general’s offices of New Hampshire and Massachusetts. At least 16 employees had driver’s licenses, Social Security numbers and credit card details stolen.
“HPE forensic investigations have determined that the personal information of a particular individual may be subject to unauthorized access,” the company said in its breach notice.
Cozy Bear behind the attack
The cyberattacks are attributed to Cozy Bear (also known as Midnight Blizzard, APT29, and Nobelium), a Russian hacking group associated with Russia’s Foreign Intelligence Service (SVR). Cozy Bear has a history of high-profile breaches, including the 2020 SolarWinds attack.
HPE disclosed the incident in an SEC filing on January 29, 2024, revealing that it had been notified on December 12, 2023 of a suspected Russian intrusion into its cloud-based email system. The hackers exfiltrated data from cybersecurity, marketplace and some employee mailboxes in the business segment.
A spokesman for HPE said that only “a limited group of mailboxes” was accessed and no other corporate systems were involved. However, further investigation is underway.
SharePoint server also breached
The Office 365 attack is believed to be linked to the May 2023 breach, in which attackers infiltrated HPE’s SharePoint server and stole files.
A few days before HPE’s disclosure, Microsoft reported that Cozy Bear had compromised Microsoft’s own email accounts and source code repository. Microsoft traced the breach back to November 2024, when hackers used password spray attacks to access legacy test accounts.
History of HPE’s cyber breaches
This is not the first time HPE has been targeted.
2018: Chinese hackers infiltrated HPE’s network and used it to breach customer devices.
2021: The company reported a data breach of its Aruba Central network monitoring platform that exposed device and location data.
2024-2025: HPE investigated a new security threat after a hacker using the alias IntelBroker claimed to have stolen credentials, source code and sensitive data.
HPE is working with law enforcement and cybersecurity experts to address the breaches and ensure that the necessary notifications are made.