HPE has confirmed that a “limited subset” of customer data was taken in a data breach, including that of its subsidiary Aruba Networks, a company that manufactures networking equipment.
The enterprise technology giant said in a statement that an unauthorized person used a private key to gain access to customer data stored in its Aruba Central cloud. HPE did not say how the hackers obtained the private key, but said the key allowed access to cloud servers in several areas where customer data was stored.
HPE bought Aruba Networks in 2015 for $3 billion in cash. Aruba provides networking gear such as wireless access points and network security for companies. Through its dashboard, Aruba Central, companies can centrally monitor and manage their Wi-Fi networks.
It is the Wi-Fi data collected in Aruba Central that HPE said was compromised. HPE said two data sets were exposed: one for network analytics that contains information about devices accessing a customer’s Wi-Fi network, and a second data set that contains location data about devices on the network. HPE did not provide further details about the granularity of the exposed location data, but noted that the data “may allow the general vicinity of a user’s location to be determined.”
Specifically, the data includes details about the device, such as the device’s MAC and IP address, the device hostname and operating system, and, in some cases, the username of the user accessing the Wi-Fi network. HPE said usernames are chosen by customers but can include the user’s name or email address.
Worse, although the data was scrambled and encrypted, the company said the private key permitted use of the decryption key; it was not clear whether the data was ultimately decrypted. HPE said that probably only “a very small amount, if any” of the data was pulled out. The company said it was not clear which specific customers or which files were taken because the company does not keep logs of individual file accesses.
According to a statement, the hacker first accessed the key on October 9, but HPE did not detect the intrusion until November 2. HPE automatically purges data from its cloud servers every 30 days, so the amount of data compromised was limited to records dating back to September 10.
HPE said it was notifying customers about the incident.