Advisory Type: IT Security
Severity: High Severity
PDS is providing the following communication to build awareness of a data breach involving the HPE Aruba Central cloud services.
On November 10, 2021, Hewlett-Packard Enterprise (HPE) published an Aruba Central Security Incident document disclosing that an “unauthorized external actor” had used an access key to some information contained in the Aruba Central cloud service.
The data accessed is considered private, consisting of MAC addresses, IP addresses, hostname, and in some cases username. All the data pertains to Wi-Fi client devices managed in the Aruba Central cloud service.
The access key was first used on October 9, 2021. The access key automatically revoked on October 27 during routine key rotation. No customer information, including passwords, need to be changed. The data repositories contain 30 days of “rolling” data, so the exposed data spans a period of time from September 10, 2021, through October 27, 2021.
We advise customers to review the HPE Aruba advisory and contact their HPE Aruba sales team if further information is needed.