
Hewlett Packard Enterprise (HPE) has confirmed a significant data breach affecting its Office 365 email environment, orchestrated by Russian state-sponsored hacking group Cozy Bear in May 2023. The company began notifying affected employees in January 2025; at least 16 individuals had sensitive information compromised, including driver’s licenses, credit card numbers, and Social Security numbers.
The attack was attributed to Cozy Bear (also known as Midnight Blizzard, APT29, and Nobelium), a group believed to be affiliated with Russia’s Foreign Intelligence Service (SVR). This same group was responsible for the notorious 2020 SolarWinds breach.
Key Details of the Breach:
– Initial compromise occurred in May 2023
– Affected HPE’s cloud-based Office 365 environment
– Targeted mailboxes belonged to cybersecurity, marketing, and business segment personnel
– Related SharePoint server breach occurred simultaneously
– Company discovered the breach on December 12, 2023
The incident follows a pattern of security challenges for HPE, including:
– 2018 Chinese threat actor breach
– 2021 Aruba Central platform compromise
– Recent investigations into potential breaches in 2024-2025 involving claimed theft of credentials and source code
In a related development, Microsoft also reported being targeted by the same group, with the hackers accessing corporate email accounts and source code repositories through a password spray attack on a legacy test account.