1. Forum
  2. FidoNet
  3. POLITICS

  • HPE starts contacting vic

    From Mike Powell@1:2320/105 to All on Mon Feb 10 10:26:00 2025
    HPE starts contacting victims of 2023 Russian cyberattack

    Date:
    Mon, 10 Feb 2025 13:27:00 +0000

    Description:
    Russian attackers took plenty of sensitive data from a limited number of accounts.

    FULL STORY

    Hewlett Packard Enterprise (HPE) has started sending out breach notification letters to people who were affected by the 2023 data breach, with TechCrunch reporting the company has notified at least a dozen individuals so far,
    citing a review of breach notices filed with two US state attorney generals.

    HPE reported Russian state-sponsored threat actors known as Midnight Blizzard breached its IT systems in 2023 and stole sensitive data from its employees email inboxes. In an 8-K submission filed with the US Securities and Exchange Commission (SEC) at the time, the company said the attack started in mid-May 2023, and that it spotted it on December 12.

    The investigation uncovered that Midnight Blizzard (also known as Cozy Bear,
    or Nobelium) had access to a small percentage of HPEs cloud-based email inboxes. Newer reports claim the crooks took Social Security numbers, drivers license information, and credit card numbers, as well.

    No material impact

    HPE said the attackers used a compromised account to access internal HPE
    email boxes in our Office 365 email environment. Later, the company clarified the mailboxes belonged to HPE employees in cybersecurity, go-to-market, and business departments.

    The exact number of compromised individuals is not known. The company told TechCrunch the data was limited to information contained in the users mailboxes, suggesting a relatively small number.

    That being said, HPE doesnt believe the attack will have a material impact on the company, or that it will disrupt its operations.

    Upon undertaking such actions, we determined that such activity did not materially impact the Company, HPE said in the filing. As of the date of this filing, the incident has not had a material impact on the Companys
    operations, and the Company has not determined the incident is reasonably likely to materially impact the Companys financial condition or results of operations.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hpe-starts-contacting-victims-of-2023-r ussian-cyberattack

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)