HPE Investigating New Breach That Impacted Test Environment Data

After a hacker reportedly claimed to be selling stolen HPE credentials, the company tells CRN that there is ‘no indication’ the data is from customers or HPE production environments.

Hewlett Packard Enterprise said Monday that its initial investigation into a newly revealed data breach suggests the incident only impacted a company test environment.

After a hacker reportedly claimed to be selling HPE data, the IT infrastructure giant acknowledged it is investigating but said there is “no indication” that the affected data came from customers or from HPE production environments.

BleepingComputer reported Monday that a hacker known as “IntelBroker” has been attempting to sell allegedly stolen HPE credentials. The threat actor shared screenshots related to the data in a hacking forum, according to the report.

IntelBroker previously claimed responsibility for the 2023 breach of D.C. Health Link, which had impacted data for thousands of users of the health insurance exchange including multiple members of Congress.

In the HPE breach, the threat actor claimed to have stolen data including access tokens, configuration files, system logs and access to software development environments, according to BleepingComputer.

However, HPE said in a statement Monday that “based on our investigation so far, the data at issue appears to be related to information that was contained in a test environment.”

“There is no indication these claims relate to any compromise of HPE production environments or customer information,” the company said in the statement provided to CRN.

The newly revealed breach comes two weeks after HPE disclosed that its Office 365 email environment was compromised in 2023 by the nation-state threat actor known as Midnight Blizzard, a Russia-aligned hacker group also recently blamed for an attack that compromised senior Microsoft executives.

In a Jan. 24 filing with the U.S. Securities and Exchange Commission, Spring, Texas-based HPE said it was notified on Dec. 12 about the incident, which began in May 2023 and impacted a “small percentage” of staff email accounts.

‘Industry-Wide Epidemic’

With the disclosure of another breach impacting HPE, a top solution provider CTO said the incident is yet another call to action for all solution providers, manufacturers and customers to “triple down” on security.

“It is vital that security be included in every discussion and taken into account in every action whether it is development, delivery or day to day operations,” said the CTO, who did not want to be identified. “Anything less is not adequate. Security is leading every solution sale right now.”

The solution provider executive stressed that HPE is far from alone in finding itself attacked by malicious actors.

“This is an industry-wide epidemic,” the CTO said. “We all need to do our part to stop it. That is not limited to hardware, software and security tools it is education of end users and customers as well.”