- HPE begins to notify those affected by Blizzard’s attack by midnight 2023
- Until now, at least a dozen people have received their violation notification letters
- We do not know exactly how many people were affected
Hewlett Packard Enterprise (HPE) has begun to send cards of non -compliance notification to people affected by the violation of data from 2023, with Techcrunch Reporting that the company has notified at least a dozen people so far, citing a review of the non -compliance notices presented with two generals of the United States State Prosecutor.
HPE reported that threat actors sponsored by the Russian state known as Midnight Blizzard violated their IT systems in 2023 and stole confidential data from the email input trays of their employees. In an 8 k presentation presented before the US stock and values commission. UU. (SEC) At that time, the company said the attack began in mid -May 2023 and saw it on December 12.
The investigation discovered that Midnight Blizzard (also known as cozy Bear, or Nobeliness) had access to “a small percentage” of the email input trays based on the HPE cloud. The newest reports claim that criminals also took social security numbers, driver’s license information and credit card numbers.
No material impact
HPE said the attackers used “a compromised account to access the internal HPE email boxes in our Office 365 email environment.” Later, the company clarified the mailboxes belonged to HPE employees in cybersecurity, market and trade departments.
The exact number of compromised individuals is unknown. The company told TechCrunch that the data were “limited to the information contained in the users’ mailboxes”, which suggests a relatively small number.
That said, HPE does not believe that the attack has a material impact on the company, or that it will interrupt its operations.
“By undertaking such actions, we determined that this activity did not materially affect the company,” HPE said in the presentation. “As of the date of this presentation, the incident has not had a material impact on the company’s operations, and the company has not determined that the incident is reasonably impressive material of the operations or the results of the company’s operations “
