HPE has confirmed that a “limited subset” of customer data was taken in a data breach involving its subsidiary Aruba Networks, a maker of networking equipment.
The enterprise technology giant said in a statement that an unauthorized person used a private key to gain access to customer data stored in its Aruba Central cloud. HPE did not say how the hacker obtained the private key, but said the key allowed access to cloud servers in multiple regions where customer data was stored.
HPE bought Aruba Networks in 2015 for $3 billion in cash. Aruba provides networking gear, like wireless access points, and network security for companies. Through its dashboard, Aruba Central, companies can centrally monitor and manage their Wi-Fi networks.
It’s the Wi-Fi data collected in Aruba Central that HPE said was compromised. HPE said two data sets were exposed: one for network analytics containing information about devices accessing a customer’s Wi-Fi network, and a second data set containing location data about devices on the network. HPE did not give more details about the granularity of the exposed location data, but noted that the data “could allow the general vicinity of a user’s location to be determined.”
Specifically, the data included details about a device, such as a device’s MAC and IP address, device hostname and operating system and, in some cases, the username of the user accessing a Wi-Fi network. HPE said usernames are chosen by customers but could include a user’s name or an email address.
Worse, although the data was both scrambled and encrypted, the company said the private key had permission to use the decryption key; it wasn’t clear if the data was ultimately decrypted. HPE said it was likely only a “very small amount, if any” data was exfiltrated. The company added that it wasn’t clear which specific customers or what files were taken because the company does not keep logs of individual file access.
According to a statement, the hacker first used the key on October 9, but HPE did not detect the intrusion until November 2. HPE automatically purges data from its cloud servers every 30 days, so the amount of compromised data was limited to records dating back to September 10.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
HPE said it was notifying customers of the incident.
