An unauthorized external actor accessed HPE Aruba Central data repositories in October 2021, according to the company. Hewlett Packard Enterprise has notified Aruba Central customers about the security incident.
The affected Aruba Center data repositories contained information classified as "Customer Personal Data" under Aruba's Data Privacy and Security Addendum, HPE indicated. One dataset included network telemetry data for most Aruba Central customers about WiFi client devices connected to customer Wi-Fi networks. And a second dataset included location-oriented data about WiFi client devices.
How Did the Aruba Central Security Incident Occur?
HPE discovered authorized use of an Aruba Central access key began Oct. 9, 2021. The key was automatically decommissioned and rotated on Oct. 27.
In addition, Aruba Central security monitoring tools previously alerted HPE's security operations team about suspicious activity, the company stated. The team investigated the activity and on Nov. 2, 2021 concluded that it had been unauthorized.
HPE became aware of the security incident after the access key used by the unauthorized threat actor had been decommissioned and rotated on Oct. 27, the company indicated. It then searched all Aruba Central logs to determine if any other keys were being used for malicious activity.
Furthermore, HPE's security operations team activated its data breach incident response plan, the company stated. It notified various security, legal and privacy groups within HPE about the incident.
Meanwhile, Aruba Central customers do not need to take any technical actions to mitigate the incident or guard against similar issues in the future, HPE said. Since security-sensitive information was not compromised, these customers do not no need to change their passwords or network configurations.
Aruba Central provides network management, artificial intelligence-based analytics and Internet of Things (IoT) device security, according to HPE. It can be deployed across wired, wireless and SD-WAN networks.