- Hpe is starting to inform people affected by the midnight Blizzard attack 2023
- Until now, at least a dozen people have received their letters of notification of violation
- We don’t know exactly how many people have been affected
Hewlett Packard Enterprise (HPE) began to send letters of violation notification to people affected by the 2023 data violation, with Techcrunch The company’s report has informed at least a dozen people so far, citing an examination of the violation opinions filed with two American prosecutors.
HPE reported that actors in the threat sponsored by the Russian state known as Midnight Blizzard violated its computer systems in 2023 and stole data sensitive to the reception boxes of its employee. In a submission of 8-K deposited with the Securities and Exchange Commission (SEC) of the United States, the company declared that the attack had started in mid-May 2023 and that it spotted it on December 12 .
The survey revealed that Midnight Blizzard (also known as Cozy Bear or Nobelium) had access to “a small percentage” of HPE Cloud’s reception boxes. New reports say the crooks have also taken social security numbers, driving license information and credit card numbers.
No hardware impact
HPE said that the attackers used “a compromise account to access HPE internal messaging boxes in our Office 365 messaging environment”. Later, the company said that the mailboxes belonged to HPE employees in cybersecurity, market and businesses.
The exact number of compromise individuals is not known. The company told Techcrunch that the data was “limited to the information contained in user mailboxes”, suggesting a relatively low number.
That said, HPE does not think that the attack will have a significant impact on the company, or that it will disrupt its operations.
“By undertaking such actions, we have determined that such an activity has had no significant impact on the company,” said HPE in the file. “On the date of this file, the incident had no significant impact on the operations of the company, and the company did not determine that the incident is reasonably likely to have a significant impact on the financial situation or operating results of the company. “
