HPE reports unauthorized access by nation-state actor Midnight Blizzard; data exfiltrated from email environment

Hewlett Packard Enterprise Co

Suspected nation-state actor Midnight Blizzard gained unauthorized access to HPE's cloud-based email environment; notified Dec 12, 2023.
Data exfiltrated from a small percentage of HPE mailboxes, including cybersecurity, go-to-market, and business segment personnel, beginning May 2023.
Incident related to earlier unauthorized access to SharePoint files in June 2023; HPE says that activity did not materially impact the company.
HPE engaged external cybersecurity experts, contained and remediated the incident, and is cooperating with law enforcement.
HPE has not determined that the incident is reasonably likely to materially impact its financial condition or results of operations.

Key facts

Extracted from this filing and checked against the source text.

Cybersecurity Incidents SEC 8-K Item 1.05 confidence 0.9

Hewlett Packard Enterprise Co disclosed a cybersecurity incident: Unauthorized access by suspected nation-state actor Midnight Blizzard/Cozy Bear to HPE's cloud-based email environment; data accessed and exfiltrated beginning in May 2023 from a small percentage of HPE mailboxes. Impact: Incident has not had a material impact on operations; the Company has not determined it is reasonably likely to materially impact financial condition or results of operations. Company determined it not material. Discovered 2023-12-12.

Nature: Unauthorized access by suspected nation-state actor Midnight Blizzard/Cozy Bear to HPE's cloud-based email environment; data accessed and exfiltrated beginning in May 2023 from a small percentage of HPE mailboxes.
Impact: Incident has not had a material impact on operations; the Company has not determined it is reasonably likely to materially impact financial condition or results of operations.
Materiality: not material
Discovery: 2023-12-12

Exact text from the filing

As of the date of this filing, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.

View on SEC.gov

2 cybersecurity incidents filed in the last 30 days. Browse all cybersecurity incidents →

Hewlett Packard Enterprise Co filing history →

Source: SEC EDGAR

accession 0001645590-24-000009

view filing index on sec.gov

view primary document

Machine-readable: JSON · Markdown · Plain text

This headline and bullets were generated automatically by deepseek-v4-flash:cloud@v2 from the public filing. Read the source on SEC.gov before relying on any specific claim. Not investment advice. See methodology for how this pipeline works.