Skip to main content
data on computer screen

Hewlett Packard Enterprise (HPE) Data Breach Investigation

The Lyon Firm is investigating a cyberattack disclosed by Hewlett Packard Enterprise Company (HPE) this week that may have compromised a large amount of sensitive personal data. In their disclosure to the Securities and Exchange Commission (SEC), HPE revealed that they were the victim of a May 2023 cyberattack, now claimed by a Russian state-sponsored actor known as Cozy Bear or Midnight Blizzard.

What Happened at Hewlett Packard?

HPE was allegedly notified about the breach on December 12, 2023, but the attack likely started over half a year prior.

On January 19, 2024, HPE reported the data breach. On January 24, 2024, Hewlett Packard Enterprise filed a notice of data breach in its Form 8-K filing with the Securities and Exchange Commission (SEC) after discovering that an unauthorized actor gained access to the HPE cloud-based email system.

Threat actors are believed to have gained unauthorized access to HPE’s network last year. The ongoing investigation has concluded that the hackers accessed and exfiltrated data starting in May 2023 from HPE mailboxes.

The investigation is ongoing and if HPE confirms that customer or employee information was compromised, it will send out data breach notification letters to all individuals impacted.

If you receive a letter from HPE regarding the data breach, it is important to understand the potential increased risk of fraud and identity theft. Contact our data breach lawyers to learn more about how to protect yourself, and to discuss legal action. Class action data theft lawsuits can recover compensation and hold negligent parties accountable.

Who is Responsible for the HPE cyberattack?

The attack at Hewlett Packard has been attributed to the Russian state-sponsored attacker group APT29, also known as Cozy Bear, Midnight Blizzard, BluRavo, and Cloaked Ursa. Cozy Bear is a notorious Russia-linked threat, and made news after the SolarWinds attacks. Microsoft recently said the same group attempted to breach its systems.

It has not yet been determined what data may have been leaked or stolen at Hewlett Packard. HPE’s filing with the Securities and Exchange Commission simply provides a little information on what led up to the incident. Apparently hackers were able to exfiltrate data from a limited number of HPE SharePoint files.

Hewlett Packard Enterprises is a business services and technology company operating out of Spring, Texas. HPE provides a range of technology services related to servers, storage, networking, containerization software, and consulting & support.

Don’t hesitate to contact our legal team after a data security incident impacts you or a loved one. We believe any organization that collects and stores your personal information has a legal and ethical duty to protect it. Our firm represents plaintiffs nationwide and we have filed numerous data breach lawsuits on behalf of victims in all fifty states.