2024-01-24 Hewlett Packard Enterprise Co Cybersecurity Incident

Page last updated on April 22, 2024

Hewlett Packard Enterprise Co initially disclosed a cybersecurity incident in an SEC 8-K filing on 2024-01-24 16:05:25 EST.

Incident Details

Material: Unknown
Is Breach: TRUE
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date: 2023-05-14
Detected Date: 2023-12-12
Disclosure Date: 2024-01-24
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2024-01-24

Hewlett Packard Enterprise Co filed an 8-K at 2024-01-24 16:05:25 EST
Accession Number: 0001645590-24-000009

Item 1.05 Material Cybersecurity Incidents.

On December 12, 2023, Hewlett Packard Enterprise Company (the “Company,” “HPE,” or “we”) was notified that a suspected nation-state actor, believed to be the threat actor Midnight Blizzard, the state-sponsored actor also known as Cozy Bear, had gained unauthorized access to HPE’s cloud-based email environment. The Company, with assistance from external cybersecurity experts, immediately activated our response process to investigate, contain, and remediate the incident, eradicating the activity. Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.

While our investigation of this incident and its scope remains ongoing, the Company now understands this incident is likely related to earlier activity by this threat actor, of which we were notified in June 2023, involving unauthorized access to and exfiltration of a limited number of SharePoint files as early as May 2023. Following the notice in June, we immediately investigated with the assistance of external cybersecurity experts and took containment and remediation measures intended to eradicate the activity. Upon undertaking such actions, we determined that such activity did not materially impact the Company.

We have notified and are cooperating with law enforcement and are also assessing our regulatory notification obligations, and we will make notifications as appropriate based on our investigation findings. As of the date of this filing, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.


Company Information

NameHewlett Packard Enterprise Co
CIK0001645590
SIC DescriptionComputer & office Equipment
TickerHPE - NYSE
Website
CategoryLarge accelerated filer
Fiscal Year EndOctober 30