Dive Brief:
- Hewlett Packard Enterprise began issuing data breach notifications to various state attorney general offices regarding personal data, including Social Security and credit card numbers, that were exposed in a 2023 cyberattack.
- In the attack, a Russian state-backed threat group known as Midnight Blizzard gained access to HPE's Office 365 email environment for months and exfiltrated data from a "small percentage" of mailboxes.
- Midnight Blizzard, also known as APT29 and Cozy Bear, is also responsible for the massive supply chain attack on SolarWinds as well as a similar breach of Microsoft's corporate email system that was discovered in early 2024.
Dive Insight:
HPE's Midnight Blizzard attack was first disclosed in January 2024 in an 8-K filing with the Securities and Exchange Commission. According to the filing, HPE was notified on Dec. 12, 2023, that a suspected nation-state threat group had breached its Office 365 email environment. An investigation revealed that starting in May 2023, Midnight Blizzard actors accessed emails and pilfered data from mailboxes "belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions."
In a breach notification letter filed with the New Hampshire attorney general's office, the tech giant disclosed that some individuals' personal data may have been exposed in the breach. HPE emphasized that the incident has since been contained and remediated.
"HPE's forensic investigation determined that certain individuals’ personal information may have been subject to unauthorized access," the letter stated. "With the assistance of e-discovery specialists, HPE conducted a thorough review of the data at issue to identify the types of information that may have been subject to unauthorized access and determine to whom this information relates."
While the letter did not specify what types of personal data were exposed, a separate breach notification filing with the state of Massachusetts indicated that Social Security numbers, driver's license numbers and credit/debit card numbers were compromised in the attack. An HP spokesperson told Cybersecurity Dive that some of the exposed data belongs to customers.
"The information accessed was limited to what was contained in a small percentage of HPE employee email boxes," the spokesperson said. "We notified those users, as well as a small number of customers whose information may have been in those emails. We are not providing exact counts."
HPE's breach came to light shortly after Microsoft revealed a similar incident in January 2024 in which Midnight Blizzard gained access to "a very small percentage of Microsoft corporate email accounts." Following an investigation, Microsoft later disclosed that Midnight Blizzard used password spraying attacks to compromise a legacy non-production test tenant account that did not have MFA enabled.