HPE notifies employees of data theft following Russian state-sponsored cyberattack

American multinational information technology company Hewlett Packard Enterprise (HPE) has begun notifying employees whose personal data was stolen in a cyberattack by Russian state-sponsored hackers in May 2023. The notification process, which started in January 2025, follows a forensic investigation that determined sensitive information, including driver’s license numbers, credit card details, and Social Security numbers, had been compromised.

According to filings with the Attorney General offices in New Hampshire and Massachusetts, HPE has sent breach notification letters to at least 16 individuals affected by the security incident. "HPE’s forensic investigation determined that certain individuals’ personal information may have been subject to unauthorized access," the company stated in its letters. "On January 29, 2025, HPE began providing notice of this event to impacted individuals, by applicable law."

An HPE spokesperson clarified that the breach was limited in scope, affecting only a restricted group of employee mailboxes. However, the incident highlights ongoing cybersecurity threats by state-sponsored actors, particularly those linked to Russia’s Foreign Intelligence Service (SVR). The group responsible, known as Cozy Bear, Midnight Blizzard, APT29, or Nobelium, has previously orchestrated high-profile cyberattacks, including the notorious 2020 SolarWinds supply chain breach.

HPE first disclosed the breach in a January 29, 2024, Securities and Exchange Commission (SEC) filing. The company was informed of the breach on December 12, 2023. It determined that the attackers had accessed and exfiltrated data from its cloud-based Office 365 email environment beginning in May 2023. The compromised mailboxes belonged to employees in cybersecurity, go-to-market, and business segments, among other functions. "The accessed data is limited to information in the users’ mailboxes. We continue to investigate and will make appropriate notifications as required," HPE said.

Further investigation suggests that the Office 365 breach was connected to another intrusion in May 2023, when the same threat actors accessed HPE’s SharePoint server and stole files. This revelation adds another layer to the ongoing cybersecurity challenges faced by the company. The breach at HPE follows a similar attack against Microsoft, which disclosed in January 2025 that Cozy Bear hackers had infiltrated its corporate email accounts and source code repositories after initially breaching its network in November 2024 via a password spray attack on a legacy non-production test tenant account.

HPE has a history of cyber intrusions. In 2018, Chinese state-sponsored hackers infiltrated its network, using that access to target customers. In 2021, the company disclosed a breach of its Aruba Central network monitoring platform, which allowed unauthorized access to data about monitored devices and their locations. More recently, in February 2024 and January 2025, HPE launched investigations into claims by a threat actor known as IntelBroker, who alleged possession of stolen HPE credentials, source code, and other sensitive information.