HPE Notifies Employees of Breach Stealing Data in Office 365 Hack

HPE confirms a May 2023 Office 365 hack by the Russian state-sponsored group Cozy Bear, which resulted in a breach of employee data including driver's licenses and credit card numbers.

    HPE Notifies Employees of Data Breach After Russian Cozy Bear Office 365 Hack

    Hewlett Packard Enterprise (HPE) is notifying employees of a data breach stemming from a May 2023 Office 365 hack perpetrated by Russian state-sponsored hackers. At least 16 individuals have received notification letters detailing the theft of sensitive personal information.

    The breach notification letters, filed with Attorney General offices in New Hampshire and Massachusetts, confirm the unauthorized access of driver’s licenses, credit card numbers, and Social Security numbers.

    “HPE’s forensic investigation determined that certain individuals’ personal information may have been subject to unauthorized access,” the company stated in the letters.

    “On January 29, 2025, HPE began providing notice of this event to impacted individuals, in accordance with applicable law.”

    An HPE spokesperson confirmed that “a limited group of HPE team member mailboxes were accessed, and only the information contained in those mailboxes was involved.” The company emphasized the limited scope of the breach, but the impact on affected employees remains significant.

    The perpetrators, identified as Cozy Bear (also known as Midnight Blizzard, APT29, and Nobelium), are believed to be affiliated with Russia’s Foreign Intelligence Service (SVR). This group is notorious for high-profile attacks, including the 2020 SolarWinds supply chain attack.

    HPE initially disclosed the Office 365 hack in an SEC filing on January 29, 2024. The company learned of the breach on December 12, 2023.

    “We determined that this nation-state actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes, we believe the nation-state actor is Midnight Blizzard, also known as Cozy Bear.”

    The Office 365 incident is likely linked to a separate May 2023 breach of HPE’s SharePoint server, also resulting in data theft. This connection underscores the broader scope of the Cozy Bear attack on HPE systems.

    Microsoft also issued a warning days before HPE’s disclosure, confirming Cozy Bear’s theft of data from corporate email accounts and source code repositories. Microsoft’s own network was breached in November 2024 via a password spray attack.

    This Office 365 hack is not HPE’s first security incident. The company experienced a 2018 breach involving Chinese actors, compromising customer devices. A 2021 incident involved a compromised Aruba Central data repository, exposing information about monitored devices. More recent investigations in February 2024 and January 2025 followed claims by an actor using the handle IntelBroker, alleging the theft of HPE credentials, source code, and other sensitive data. These incidents highlight the challenges HPE faces in maintaining robust cybersecurity defenses. The investigation into the Office 365 hack and related incidents continues.
