Excerpt from CRN Article, Published on Jan 21, 2025.
Hewlett Packard Enterprise (HPE) has initiated an investigation into claims made by a threat actor alleging the theft of sensitive data, including source code, from the company. The alleged HP data breach, reportedly involving HPE’s Zerto disaster recovery platform, Integrated Lights-Out (iLO) server management software, Docker builds, and certificates, has raised concerns within the cybersecurity community. The claims come from a hacker known as IntelBroker, who had previously compromised an HPE test environment in early 2024. According to reports, the threat actor claimed access to HPE’s API, GitHub repositories, and WePay systems for at least two days. While HPE has yet to confirm whether the breach occurred, the company acknowledged being made aware of the allegations on January 16.
“HPE became aware of claims made by a group called IntelBroker that it was in possession of information belonging to HPE,” the company said in a statement. “HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims.” Despite the allegations, HPE emphasized that there has been no operational impact on its business, nor has there been evidence of customer data involvement in the HP data breach. The company reassured stakeholders of its commitment to maintaining robust cybersecurity measures.
This is not the first time HPE has faced claims from IntelBroker. A similar incident in 2024 involved a breach of an HPE test environment. At the time, HPE confirmed that data was impacted but stated the scope was limited compared to the threat actor’s claims. As the investigation continues, the tech giant remains focused on assessing the potential implications of this alleged HP data breach. With no operational disruptions reported so far, HPE’s proactive measures aim to safeguard its systems and uphold its reputation in the IT industry.
To delve deeper into this topic, please read the full article CRN.
