HPE reveals attack on Aruba Central platform

Hackers weren’t able to get their hands on any sensitive data, claims HPE/Aruba

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Threat actors have managed to compromise and access data about devices monitored byHewlett Packard Enterprise (HPE)-ownedAruba Networks, the company has revealed.

Aruba provides network access solutions for large enterprise networks through Aruba Central, which is its unified cloud-based network operations, assurance and security platform that helps streamline deployment, and management of wireless, wired and WAN environments.

According to aFAQon the incident, HPE/Aruba shares that an unauthorized actor got hold of an access key, which enabled them to view “a limited subset of information” held in Aruba Central.

“The data repositories exposed to the external actor contained information classified as “Customer Personal Data” under ourData Privacy and Security Addendumand as a result, we are notifying customers of the incident,” shares the company.

Damage control

HPE’s security operations team noticed suspicious activity and immediately revoked the key, before launching an investigation that confirmed the unauthorized access.

According to the company’s own admission, the threat actor had access to the data between October 9th, 2021, and October 27th, when HPE revoked the key.

The company says that the “Customer Personal Data” in the exposed repositories consists of device Media Access Control (MAC) address, IP address, deviceoperating systemtype and hostname, and, in certain cases, the username. Furthermore, the data repositories also contained other details, which can be used to extrapolate the general vicinity of a user’s location.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Importantly though, the company has revealed that the exposed data did not include any sensitive or special categories of personal data, as defined by the General Data Protection Regulation (GDPR).

Moreover, the company states that it has no reason to believe that the attackers exfiltrated any data.

Make sure you stay protected against inadvertent data leaks with thesebest identity theft protection services

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well