Hewlett Packard Enterprise (HPE) is notifying employees that their data was stolen in a cyberattack orchestrated by Russian state-sponsored hackers.
According to regulatory filings in New Hampshire and Massachusetts, HPE began sending notifications last month to at least 16 affected individuals whose driver’s licenses, credit card numbers, and Social Security numbers were compromised. “HPE’s forensic investigation determined that certain individuals’ personal information may have been subject to unauthorized access,” the company stated in notification letters. “On January 29, 2025, HPE began providing notice of this event to impacted individuals, following applicable law.”
A company spokesperson described the breach as involving only a limited number of employee mailboxes, with data exposure restricted to the contents of those emails. The hacking group behind the attack, known as Cozy Bear—also referred to as Midnight Blizzard, APT29, and Nobelium—is believed to be part of Russia’s Foreign Intelligence Service (SVR). This group has been linked to multiple high-profile breaches, including the notorious 2020 SolarWinds supply chain attack.
HPE first disclosed the breach in a Securities and Exchange Commission (SEC) filing on January 29, 2024, revealing that it had been alerted to the cyberattack on December 12, 2023. The company determined that the hackers accessed and exfiltrated data starting in May 2023 from a small subset of employee mailboxes, primarily those belonging to cybersecurity, business, and go-to-market teams. “We believe the nation-state actor responsible is Midnight Blizzard, also known as Cozy Bear,” HPE told BleepingComputer at the time.
The compromised data was limited to information stored in the affected users’ mailboxes. HPE has stated that it continues to investigate the incident and will issue further notifications as required. The breach underscores the ongoing risks posed by state-sponsored cyber espionage, raising concerns about data security in corporate cloud environments.
