By - HPE begins notifying those affected by the 2023 Midnight Blizzard attack
- So far, at least a dozen people have received their breach notification letters
- We don’t know exactly how many people were affected
Hewlett Packard Enterprise (HPE) has started sending out breach notification letters to people who were affected by the 2023 data breach, with TechCrunch reporting the company has notified at least a dozen individuals so far, citing a review of breach notices filed with two US state attorney generals.
HPE reported Russian state-sponsored threat actors known as Midnight Blizzard breached its IT systems in 2023 and stole sensitive data from its employees’ email inboxes. In an 8-K submission filed with the US Securities and Exchange Commission (SEC) at the time, the company said the attack started in mid-May 2023, and that it spotted it on December 12.
The investigation uncovered that Midnight Blizzard (also known as Cozy Bear, or Nobelium) had access to “a small percentage” of HPE’s cloud-based email inboxes. Newer reports claim the crooks took Social Security numbers, driver’s license information, and credit card numbers, as well.
No material impact
HPE said the attackers used “a compromised account to access internal HPE email boxes in our Office 365 email environment.” Later, the company clarified the mailboxes belonged to HPE employees in cybersecurity, go-to-market, and business departments.
The exact number of compromised individuals is not known. The company told TechCrunch the data was “limited to information contained in the users’ mailboxes,” suggesting a relatively small number.
That being said, HPE doesn’t believe the attack will have a material impact on the company, or that it will disrupt its operations.
“Upon undertaking such actions, we determined that such activity did not materially impact the Company,” HPE said in the filing. “As of the date of this filing, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”
