A Biden administration-appointed Cyber Safety Review Board criticized Microsoft’s corporate security and transparency in a report, accusing the tech giant of a “cascade of errors” that allowed state-backed Chinese hackers to breach the email accounts of US officials.
According to the report, one of the officials who had her account breached was Commerce Secretary Gina Raimondo.
Driving the news: The report detailed poor cybersecurity practices, a lax corporate culture, and a lack of sincerity about the company’s knowledge of the targeted breach that affected multiple US agencies dealing with China.
- It concluded that “Microsoft’s security culture was inadequate and requires an overhaul.”
- The panel made sweeping recommendations, including urging Microsoft to halt adding features to its cloud computing environment until significant security improvements have been made.
- The board also called for rapid cultural change at Microsoft, including a public plan with specific timelines for security-focused reforms across the company and its full suite of products.
- The board expressed concern about another hack disclosed by Microsoft in January, which compromised email accounts, including those of senior Microsoft executives and customers, and was attributed to state-backed Russian hackers.
What they’re saying: Microsoft thanked the board for its investigation and pledged to harden its systems against attack and implement more robust sensors and logs, but in a statement it called the hackers “well-resourced nation-state threat actors who operate continuously and without meaningful deterrence.”