A report from a review board that the Biden administration set up said Microsoft had a “cascade of errors” that let Chinese hackers into their systems.
The main problem here is how a Chinese hacker got into the email accounts of other U.S. officials and Commerce Secretary Gina Raimondo. Microsoft was looked at by the Cyber Safety Board, which found bad security practices, a lazy company culture, and not enough honesty about the breach.
The board’s report said, “Microsoft’s security culture was inadequate and requires an overhaul.” This is because the company is in charge of so much important data. It also said that its goods “support national security, the foundations of our economy, public health and safety, and essential services that support those goals.”
The group said that the hacking should never have happened and that Microsoft could have stopped it. Also, they said the worst thing about this is that Microsoft still says they don’t know how the hackers got in.
The board told Microsoft that it needed to make “a plan with specific timelines to make fundamental, security-focused reforms across the company and its full suite of products.” Also, they told them not to add anything else to their cloud computer environment until the security was made better.
In response, Microsoft said in a statement, “We appreciate the board’s investigation and will continue to harden all of our systems against the attack and add even stronger sensors and logs to help us find and fight our enemies’ cyberarmies.”
Since Chinese hackers got into Microsoft Exchange Online email, the breach has affected more than 500 people and twenty groups. It took the hackers at least six weeks to get to these emails, and they got over 60,000 emails from the State Department alone.
