Microsoft could have prevented Chinese state actors from hacking U.S. government emails last year, a new federal government report found, in an incident it called a “cascade of security failures.”
The report from the U.S. Cyber Safety Review Board (CSRB) found that Chinese hackers, known as Storm-0558, compromised Microsoft Exchange Online emails of 22 organizations and more 500 people around the world, including senior U.S. government officials working on national security matters. Commerce Secretary Gina Raimondo and U.S. Ambassador to the People’s Republic of China R. Nicholas Burns were among the U.S. government officials who were hacked.
The report, released late Tuesday by the U.S. Department of Homeland Security (DHS) found that the hack was “preventable” and that a series of operational and strategic decisions collectively led to “a corporate culture that deprioritized enterprise security investments and rigorous risk management.”
Microsoft did not immediately respond to a request for comment early Wednesday.
This is a developing story and will be updated.