HPE Data Breach Notification: 2023 Midnight Blizzard Cyberattack
In a significant cybersecurity incident, Hewlett Packard Enterprise (HPE) has confirmed that its cloud-hosted email environment was breached by a Russian state-backed threat group known as Midnight Blizzard. The breach, which occurred in May 2023 and was disclosed by HPE in an SEC filing, targeted the company's cybersecurity team and other departments, leading to data theft.
The attack is suspected to be the work of Midnight Blizzard, a group often linked to state-sponsored activities. The available reports do not describe in detail the types of data stolen. However, it is known that the breach involved the theft of data from HPE's cybersecurity team and other departments.
In response to the breach, HPE has taken several remediation measures. These include enhancing security measures, such as implementing or strengthening multi-factor authentication (MFA) and other security protocols, to prevent similar breaches. Efforts have also been made to isolate affected systems, recover stolen data, and inform relevant stakeholders, including employees and a small number of customers.
This breach is not an isolated incident for Midnight Blizzard. The group has been active in targeting technology companies, including Microsoft, where it exploited vulnerabilities such as weak passwords and lack of MFA on legacy accounts to gain access to corporate environments. Midnight Blizzard is also responsible for the massive supply chain attack on SolarWinds and a similar breach of Microsoft's corporate email system.
HPE has begun issuing data breach notifications to state attorney general offices regarding personal data, including Social Security and credit card numbers, that were exposed in the breach. In a breach notification filing with the state of Massachusetts, it was revealed that Social Security numbers, driver's license numbers, and credit/debit card numbers were compromised in the HPE data breach.
The exact number of individuals affected has not been disclosed, but HPE's forensic investigation determined that certain individuals' personal information may have been subject to unauthorized access. HPE has been proactive in notifying those employees whose personal data may have been in the emails, as well as the relevant authorities, to ensure transparency and compliance with legal requirements for data breach notification.
As the investigation continues, it is crucial for companies to prioritize robust cybersecurity measures to protect their data and prevent such incidents from occurring. This includes implementing strong security protocols, regularly updating systems, and educating employees about the importance of cybersecurity.
- Despite remediation measures such as enhancing security protocols and implementing multi-factor authentication, HPE's data breach reminds businesses of the importance of prioritizing robust cybersecurity.
- The incident at Hewlett Packard Enterprise, in which Midnight Blizzard stole data from its cybersecurity team and other departments, serves as a cybersecurity warning for tech companies, highlighting the risks associated with weak passwords and the absence of multi-factor authentication on legacy accounts.