HPE notifies employees of data breach after Russian Office 365 hack - Related to caused, office, after, 2023, employees

Cloudflare outage caused by botched blocking of phishing URL

An attempt to block a phishing URL in Cloudflare's R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour.

Cloudflare R2 is an object storage service similar to Amazon S3, designed for scalable, durable. And low-cost data storage. It offers cost-free data retrievals, S3 compatibility, data replication across multiple locations, and Cloudflare service integration.

Additionally, the outage occurred yesterday when an employee responded to an abuse research about a phishing URL in Cloudflare's R2 platform. However, instead of blocking the specific endpoint, the employee mistakenly turned off the entire R2 Gateway service.

"During a routine abuse remediation, action was taken on a complaint that inadvertently disabled the R2 Gateway service instead of the specific endpoint/bucket associated with the analysis," explained Cloudflare in its post-mortem write-up.

"This was a failure of multiple system level controls (first and foremost) and operator training."

Furthermore, the incident lasted for 59 minutes, between 08:10 and 09:09 UTC. And apart from the R2 Object Storage itself, it also affected services such as:

Stream – 100% failure in video uploads and streaming delivery.

– 100% failure in video uploads and streaming delivery. Images – 100% failure in image uploads/downloads.

– 100% failure in image uploads/downloads. Cache Reserve – 100% failure in operations, causing increased origin requests.

– 100% failure in operations, causing increased origin requests. Vectorize – 75% failure in queries, 100% failure in insert, upsert, and delete operations.

– 75% failure in queries, 100% failure in insert. Upsert, and delete operations. Log Delivery – Delays and data loss: Up to data loss for R2-related logs, up to data loss for non-R2 delivery jobs.

– Delays and data loss: Up to data loss for R2-related logs. Up to data loss for non-R2 delivery jobs. Key Transparency Auditor – 100% failure in signature publishing & read operations.

Additionally, there were also indirectly impacted services that experienced partial failures like Durable Objects, which had a error rate increase due to reconnections after recovery, Cache Purge, which saw a increase in errors (HTTP 5xx) and 10x latency spike, and Workers & Pages, that had a deployment failures, affecting only projects with R2 bindings.

Cloudflare notes that both human error and the absence of safeguards such as validation checks for high-impact actions were key to this incident.

The internet giant has now implemented immediate fixes like removing the ability to turn off systems in the abuse review interface and restrictions in the Admin API to prevent service disablement in internal accounts.

Additional measures to be implemented in the future include improved account provisioning, stricter access control, and a two-party approval process for high-risk actions.

In November 2024. Cloudflare experienced another notable outage for hours, resulting in the irreversible loss of 55% of all logs in the service.

That incident was caused by cascading failures in Cloudflare's automatic mitigation systems triggered by pushing a wrong configuration to a key component in the business's logging pipeline.

, der gemeinnützige Arm des Internetkonzerns Alphabet, gibt jährlich etwa 100 Millionen US-Dollar für nicht kommerzielle Zwecke aus. Bis zu ...

Sicherheitsforscher warnen erneut vor gewieften Stealer-Apps, die es auf Android- und erstmals offenbar auch auf iPhone-Nutzer abgesehen haben. Die Sp...

Wired reported this week that a 19-year-old working for Elon Musk‘s so-called Department of Government Efficiency (DOGE) was given access to sensitive...

US health system notifies 882,000 patients of August 2023 breach

Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information.

Established in 1875. HSHS works with over 2,200 physicians and has around 12,000 employees. It also operates a network of physician practices and 15 local hospitals across Illinois and Wisconsin, including two children's hospitals.

Furthermore, the non-profit healthcare system presented in data breach notifications sent to those impacted that the incident was discovered on August 27, 2023, after detecting that the attacker had gained access to HSHS' network.

After the security breach. Its systems were also impacted by a widespread outage that took down "virtually all operating systems" and phone systems across Illinois and Wisconsin hospitals. HSHS also hired external security experts to investigate the attack, assess its impact, and. Help its IT team restore affected systems.

"We are prioritizing patient safety as we establish a process for restoration. With the support of third-party experts, we are bringing our systems back online as quickly and. As safely as possible," HSHS noted in a September 2024 statement. "A health system of our size operates hundreds of system applications across thousands of servers, and as such, our restoration and investigative work will take some time to complete.

While the incident and the resulting outage have all the signs of a ransomware attack, no ransomware operation has claimed the breach.

Following the forensic investigation, HSHS found that the attackers had accessed files on compromised systems between August 16 and August 27, 2023.

"We have since been reviewing those files and notifying individuals whose information was found in the files on a rolling basis as our review has continued," it expressed.

The information accessed by the threat actors while inside HSHS' systems varies for each impacted individual, and it includes a combination of name, address, date of birth. Medical record number, limited treatment information, health insurance information, Social Security number, and/or driver's license number.

While HSHS added that there is no evidence that the victims' information has been used in fraud or identity theft attempts, it warned affected individuals to monitor their account statements and credit reports for suspicious activity. The health system also offers those affected by the breach one year of free Equifax credit monitoring.

An HSHS spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today to confirm if the data breach resulted from a ransomware attack.

Last week, Connecticut healthcare provider Community Health Center (CHC) alerted over 1 million patients of a data breach, while New York Blood Center (NYBC), one of the world's largest independent blood collection and distribution organizations, mentioned that a ransomware attack forced it to reschedule some appointments.

Earlier this month. UnitedHealth revealed that around 190 million Americans had their information stolen in last year's Change Healthcare ransomware attack, almost doubling the 100 million disclosed in October.

In late December, the Department of Health and Human Services (HHS) proposed HIPAA updates to secure patients' health data in response to a surge of massive healthcare security breaches.

Human communication is multimodal. We receive information in many different ways, allowing our brains to see the world from various angles and turn th...

In cybersecurity. Too often, the emphasis is placed on advanced technology meant to shield digital infrastructure from external threats. Yet, an equal...

, der gemeinnützige Arm des Internetkonzerns Alphabet, gibt jährlich etwa 100 Millionen US-Dollar für nicht kommerzielle Zwecke aus. Bis zu ...

HPE notifies employees of data breach after Russian Office 365 hack

Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the organization's Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack.

, HPE started sending the breach notification letters last month to at least 16 people who had their driver's licenses, credit card numbers. And Social Security numbers stolen.

"HPE's forensic investigation determined that certain individuals' personal information may have been subject to unauthorized access," the organization says in the letters. "On January 29, 2025, HPE began providing notice of this event to impacted individuals, in accordance with applicable law."

When asked to share the number of employees affected by this data breach, an HPE spokesperson introduced it was "a limited group of HPE team member mailboxes that were accessed, and only the information contained in those mailboxes was involved."

The group behind the attack, Cozy Bear (also known as Midnight Blizzard, APT29, and Nobelium), is believed to be part of Russia's Foreign Intelligence Service (SVR) and has also been linked to other high-profile breaches, including the infamous 2020 SolarWinds supply chain attack.

The HPE breach incident was first disclosed in an SEC filing on January 29. 2024, when the enterprise stated it was notified on December 12 that suspected Russian hackers breached its cloud-based Office 365 email environment in May 2023 using a compromised account.

"We determined that this nation-state actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions. We believe the nation-state actor is Midnight Blizzard, also known as Cozy Bear," HPE told BleeingComputer at the time.

"The accessed data is limited to information contained in the consumers' mailboxes. We continue to investigate and will make appropriate notifications as required."

Sharepoint server breached by the same hackers.

In the SEC filing, HPE added that the Office 365 incident was likely related to another May 2023 breach, when threat actors accessed the organization's SharePoint server and stole files.

Days before HPE's disclosure. Microsoft also warned that Cozy Bear hackers stole data from corporate email accounts and source code repositories. They first breached Microsoft's network in November 2024 in a password spray attack to access a legacy non-production test tenant account.

HPE was previously breached in 2018 when Chinese malicious actors hacked into its network and used that access to breach its clients' devices.

In 2021, it also disclosed that the data repos for its Aruba Central network monitoring platform had been compromised, allowing a threat actor to access information about monitored devices and their locations.

More in the recent past, in February 2024 and January 2025. The business started investigating other potential security breaches after a threat actor using the IntelBroker handle claimed to have stolen HPE credentials, source code, and other sensitive information.

Sicherheitsforscher warnen erneut vor gewieften Stealer-Apps, die es auf Android- und erstmals offenbar auch auf iPhone-Nutzer abgesehen haben. Die Sp...

Die US-amerikanische IT-Sicherheitsbehörde CISA warnt vor jüngst beobachteten Angriffen in freier Wildbahn auf Schwachstellen in Linux, Apache OFBiz. ...

Netzwerkadmins mit BIG-IP-Appliances sollten die weiterführenden Informationen zum Quartalssicherheitsupdates von F5 studieren. Die Entwickler haben d...