HPE begins to communicate with the victims of the 2023 Russian cyberattack.

Hewlett Packard Enterprise (HPE) has begun sending notification letters to individuals affected by the data breach that occurred in 2023. So far, it has been reported that at least a dozen individuals have received these letters, according to an analysis of the notifications filed with two state attorneys general in the United States.

The company communicated that its information technology system was compromised by state-sponsored threat actors known as Midnight Blizzard. This attack, which took place in 2023, resulted in the theft of sensitive information from its employees' emails. In a report submitted to the U.S. Securities and Exchange Commission, HPE indicated that the intrusion began in mid-May 2023 and was detected on December 12 of the same year.

The investigation revealed that Midnight Blizzard, also known as Cozy Bear or Nobelium, gained access to "a small percentage" of HPE's cloud inboxes. Recent reports suggest that the attackers accessed Social Security numbers, driver's license information, and credit card numbers, among other data.

HPE explained that the attackers used a compromised account to access the company's internal emails within its Office 365 environment. The company noted that the affected accounts belonged to employees in cybersecurity, marketing, and other business divisions. The exact number of individuals affected has not been confirmed, but HPE states that the breached information is "limited to what is contained in users' inboxes," suggesting that the total number of individuals involved is relatively small.

Despite the breach, HPE believes that the attack will not have a material impact on the company or its operations. The company stated that after an assessment, they determined that this activity had no material effect on the company's functioning and that they do not expect it to significantly affect their financial condition or operating results.