Microsoft to face Homeland Security over a cascade of security failings

Microsoft has previously confirmed that it has been breached by hackers from both China and Russia, and now the US government wants to talk about it.

2

The House Committee on Homeland Security has selected Microsoft's vice chair and president, Brad Smith, to attend a hearing called "A Cascade of Security Failures: Assessing Microsoft Corporation's Cybersecurity Shortfalls and the Implications for Homeland Security." For those that don't know, Microsoft has recently been put under the microscope by security researchers and the US government following a slew of security breaches.

Prominent incidents that likely caught the attention of Homeland Security were the attack on Microsoft Exchange in June 2023 that resulted in senior US government officials having their emails compromised - approximately 60,000, and the January 2024 attack by Midnight Blizzard. The latter of the two was traced back to Russia, and the breach resulted in Midnight Blizzard breaking into the email accounts of Microsoft executives and stealing messages and files from the leadership team.

Furthermore, two months after the Midnight Blizzard incident, Microsoft admitted that Russian-based hackers had stolen source code and that Russian hackers had gained access to internal systems.

"These cyber intrusions not only undermine public confidence in Microsoft's ability to safeguard its operating systems, cloud platforms, and productivity software, but also raise serious questions about an apparent lack of accountability and oversight," read the letter to Smith

"It is imperative that Microsoft, which accounts for nearly 85 percent of the market share in the US government's productivity software, be held to the same level of accountability as the rest of the US government's trusted vendors."