Hewlett Packard Enterprise (HPE) has recently disclosed a cyberattack that took place in May 2023, orchestrated by Russian state-sponsored hackers, resulting in the theft of personal data belonging to some of its employees. The breach targeted HPE’s Office 365 email environment, leading to the exposure of sensitive information.
In January 2025, HPE initiated the process of notifying individuals affected by the breach, with at least 16 employees having their driver’s licenses, Social Security numbers, and credit card details compromised. The company stated in breach notification letters that a forensic investigation revealed unauthorized access to certain individuals’ personal information.
The cyberattack has been linked to Cozy Bear, a Russian hacking group with ties to the Russian Foreign Intelligence Service (SVR), known for its involvement in high-profile breaches such as the SolarWinds attack in 2020. HPE first publicly acknowledged the incident in an SEC filing on January 29, 2024, following a suspected breach of its cloud-based email system by Russian hackers on December 12, 2023.
The hackers managed to infiltrate select employee mailboxes in departments related to cybersecurity, go-to-market, and business segments, although HPE clarified that only a limited group of mailboxes was accessed, with no other corporate systems being compromised. Despite this, the investigation into the incident is still ongoing.
Furthermore, the breach is believed to be connected to another incident in May 2023, where hackers targeted HPE’s SharePoint server and stole files. In a related development, Microsoft reported that Cozy Bear had also breached its corporate email accounts and source code repositories, tracing the intrusion back to November 2024 through a password spray attack on a legacy test account.
This is not the first time HPE has faced cybersecurity threats, as the company has a history of being targeted by malicious actors:
– In 2018, Chinese hackers breached HPE’s network to exploit customer devices.
– In 2021, a data breach in HPE’s Aruba Central network monitoring platform exposed device and location data.
– Between 2024 and 2025, HPE dealt with new security challenges after a hacker using the alias IntelBroker claimed to have stolen credentials, source code, and sensitive data.
HPE is currently collaborating with law enforcement agencies and cybersecurity experts to address the breach and ensure that necessary notifications are made to affected parties. The company remains committed to safeguarding its systems and data from future cyber threats.
For those interested in learning more about cybersecurity and staying informed about the latest developments, the FutureCrime Summit 2025 offers a valuable opportunity to enhance knowledge and strategies for combating cybercrime. By registering for the summit, participants can secure their spot and gain insights from leading experts in the field.