US reprimands Microsoft for security failures that allowed Chinese hack
Federal report says ‘cascade of errors’ by tech giant let Chinese operators break into senior government officials’ email accounts
In a scathing indictment of Microsoft corporate security and transparency, a Biden administration-appointed review board issued a report Tuesday saying “a cascade of errors” by the tech giant let state-backed Chinese cyber operators break into email accounts of senior US officials including commerce secretary, Gina Raimondo.
The Cyber Safety Review Board, created in 2021 by executive order, describes shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company’s knowledge of the targeted breach, which affected multiple US agencies that deal with China.
It concluded that “Microsoft’s security culture was inadequate and requires an overhaul” given the company’s ubiquity and critical role in the global technology ecosystem. Microsoft products “underpin essential services that support national security, the foundations of our economy, and public health and safety”.
The panel said the intrusion, discovered in June by the State Department and dating to May “was preventable and should never have occurred”, blaming its success on “a cascade of avoidable errors”. What’s more, the board said, Microsoft still doesn’t know how the hackers got in.
/cloudfront-us-east-2.images.arcpublishing.com/reuters/NNEROBW525KAJDE4PRU2RPPGX4.jpg)
