TLDR:
- A federal report criticized Microsoft for poor cyber security practices, allowing Chinese hackers to breach US official emails
- The report called for significant security improvements and a cultural overhaul at Microsoft
A Biden administration-appointed Cyber Safety Review Board released a report slamming Microsoft’s corporate security and transparency. The report highlighted a “cascade of errors” that led to state-backed Chinese hackers breaching the email accounts of US officials, including Commerce Secretary Gina Raimondo. The panel called for an overhaul of Microsoft’s security culture, halting the addition of features to its cloud computing environment until significant security improvements are made, and rapid cultural change within the company.
The board also expressed concern about another hack disclosed by Microsoft in January, attributed to state-backed Russian hackers. Microsoft responded by thanking the board for its investigation and pledging to strengthen its systems against attacks, referring to the hackers as “well-resourced nation-state threat actors.”