Hewlett Packard Enterprise (HPE) has launched an investigation into a new data breach after a threat actor claimed to have stolen sensitive information from the tech giantโs systems.
The investigation follows an announcement by the prominent and notorious threat actor โIntelBroker,โ who took to BreachForums on January 16th to announce that they are selling files reportedly obtained from HPE’s networks.
For those unaware, IntelBroker is infamous for breaching major organizations like Cisco, Nokia, Europol, and AMD, often stealing and selling sensitive data on cybercrime forums.
Regarding HPE, the compromised data allegedly includes source code for products like Zerto and iLO, private Github repositories, Docker builds, SAP Hybris, Certificates (private and public keys), and even some old user personal identifiable information (PII) used for deliveries.
IntelBroker is also offering selling access to some HPE services, including APIs, WePay, GitHub, GitLab and more.
โToday, I am selling the HPE data breach,โ IntelBroker wrote in a BreachForumsย post. โWe have been connecting to some of their services for about 2 days now.โ
HPE said it is investigating the breach claims but has found no evidence of a security breach.
It added that there is no operational impact on the company and no evidence that customer information was involved in the cyber incident.
โHPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE. HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims,โ an HPE spokesperson said in a statement.
This is not the first time IntelBroker has made such breach claims against HPE. In February 2024, the threat actor claimed to have breached HPE and offered the companyโs stolen data for sale, which reportedly included Continuous Integration/Continuous Deployment (CI/CD) access, system logs, configuration files, access tokens, HPE StoreOnce files (such as serial numbers and warranty information), and access passwords, including email services.