HPE Cloud - Data Breaches
Some of the most notable security breaches for HPE Cloud impacted their clients: Huntington Ingalls, Ericsson, Sabre, and the US Navy. These companies are leaders in their respective industries and service a large group of people, which is why these specific security breaches were also chosen. Additionally, a brief background on the recent "Cloud Hopper Operation" is described as it was largely responsible for these breaches, which started around late 2016. One breach, affecting the US Navy, was also added as a separate case due to the number of people affected, the sensitivity of the data exposed, and its connection to the military.
Cloud Hopper Operation Brief Overview
- "Cloud Hopper" was a hacking campaign in which two Chinese nationals were accused of identity theft and fraud.
- A 2017 report noted that the Cloud Hopper attacks on managed service providers (MSPs) started around late 2016 and are said to have been carried out by several China-aligned groups, including APT10.
- The Cloud Hopper attacks globally accessed the intellectual property and sensitive data of different MSPs and their clients.
- Hewlett Packard Enterprise and IBM were the two MSPs that were initially identified as being compromised in the hack, based on a Reuters report.
- Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation, and DXC Technology were later identified as also being compromised. DXC is a services arm spun off from a merger between HPE and Computer Sciences Corporation in 2017.
- Reuters reported that the "full extent of the damage done by the campaign hasn't been determined yet and many victims are unsure of exactly what information was stolen."
HPE Cloud Breaches and Vulnerabilities
- After hackers penetrated HPE’s cloud computing service, they "used ‘spear phishing’ email to trick employees into downloading malware or giving away their passwords." The attackers were able to "pilfer a huge volume of corporate and government secrets."
- Service providers "withheld information from hacked clients, out of concern over legal liability and bad publicity," which undermined corporate and government response to the attacks. Most of the victims remain a closely held secret.
- HPE reportedly fought Cloud Hopper continually for "at least 5 years and remains vigilant in its efforts to mitigate attacks."
- Reuters reported that attackers "stole directories of credentials, which allowed them to impersonate HPE employees." Once the MSP was accessed, "the attackers would 'jump' from the MSP network to servers hosting client data."
- A spokesman for DXC (the services arm of HPE) claims that "neither the company nor any DXC customer whose environment is under their control has experienced a material impact caused by APT10 or any other threat actor."
- In December 2018, HPE's stock "closed down $0.52 (3.95 %) to $12.65 per share," 30 minutes after the Reuters story on Cloud Hopper came out.
Affected HPE Clients
1. Huntington Ingalls Breach
- In 2017, HPE investigators found evidence that Huntington Ingalls Industries, a significant client of HPE and the largest U.S. military shipbuilder, was hacked by the Chinese.
- "Computer systems owned by a subsidiary of Huntington Ingalls were connecting to a foreign server controlled by APT10."
- Huntington Ingalls executives were concerned that data was accessed from its biggest shipyard, in Newport News, Va., where it builds nuclear-powered submarines.
- However, a Huntington Ingalls spokeswoman later claimed they were sure that "there was no breach of any HII data via DXC or HPE."
2. Ericsson Breach
- Another HPE client affected was Ericsson, the Swedish telecommunications equipment developer.
- Ericsson has partnered with HPE since 2015.
- Reports note that there was a persistent and pervasive attack on Ericsson, which was up against China's Huawei Technologies to build infrastructure for 5G networks.
- The attacks also appeared random, as Ericsson could not always tell what data was being targeted. Sometimes, the attackers went through project management information and product manuals; they also modified logs, deleted files, and infected them with malware.
- In a statement to Reuters, Ericsson's Chief Security Officer Pär Gunnarsson "declined to discuss specific incidents."
3. Sabre Breach
- Another HPE client that was involved in a breach was Sabre Corp, an American company, which is a leading provider of "reservation systems for tens of thousands of hotels around the world. It also has a comprehensive system for booking air travel, working with hundreds of airlines and 1,500 airports."
- In 2015, investigators found that "at least four HP machines dedicated to Sabre were tunneling large amounts of data to an external server."
- Former HPE employees noted that HPE management limited access to the investigation and was reluctant to tell Sabre everything.
- After an investigation of the breach, a Sabre spokeswoman claimed they found “that there was no loss of traveler data, including no unauthorized access to or acquisition of sensitive protected information, such as payment card data or personally identifiable information.” There was no further comment on "whether any non-traveler data was compromised."
4. 2016 US Navy Breach
- HPE won a $3.5 billion contract to handle the Navy's communications network from 2013-2018.
- In 2016, the personal information of thousands of sailors in the U.S. Navy was compromised.
- The laptop of a Hewlett Packard Enterprise Co. employee was accessed by unknown individuals, who were able "to access the names and social security numbers of 134,386 current and former sailors."
- During that time, HPE shares dropped 1.8% in trading from 3%.
- The Navy pressed Hewlett Packard Enterprise to pay for credit monitoring services; however, HPE "declined to comment on the breach, the investigation or whether the company intends to pay for the credit monitoring for sailors."
- The personal data came from a database known as Career Waypoints (C-WAY), which is used by sailors "to submit requests for re-enlistment and to change Navy Occupational Specialties."
We were able to locate the four most notable data breaches for HPE Cloud. Three of the breaches were identified from the pervasive "Cloud Hopper" campaign instigated by Chinese hackers, which impacted HPE and their clients, along with other managed service providers.
To identify additional breaches, we scoured news articles for details about data or security breaches involving HPE Cloud. We reviewed articles from different outlets, including Reuters, Data Breach Today, Wall Street Journal, CNBC, and others. Next, we checked whether any databases or reports tracked data or security breaches. We found Identity Theft Resource Center Data Breach Reports, Selfkey.org, and Privacy Rights Clearinghouse’s Chronology of Data Breaches, but none made any mention of data breaches to HPE. We also examined HPE's website for any press releases or news publicly disclosing cloud data breaches and attacks. Finally, we expanded the search to also include articles older than 2018, and we found some news articles from 2016 to 2017, which described the 2016 US Navy breach included above.
We also found that managed service providers (such as HPE) and their clients often decline to comment on security breaches. Most victims of these breaches are kept a "closely held secret," and service providers often "withhold information due to concern over legal liability and bad publicity." This is likely the reason why we could only identify four breaches for HPE Cloud.
In all, Huntington Ingalls, Ericsson, Sabre, and the US Navy were chosen as the most notable, as they were also leaders in their respective industries, which include telecommunications, travel and the military. They also service a large group of people who were likely affected by the HPE Cloud breaches.