A leading U.S. senator, Ron Wyden, has called on the Justice Department and other agencies to investigate an alleged China-backed hack of Microsoft-provided email accounts used by top government officials, including U.S. Commerce Secretary Gina Raimondo and U.S. Ambassador to China Nicholas Burns. Wyden accused Microsoft of negligence, urging a whole-of-government effort to hold the company accountable.
He requested the Cyber Safety Review Board to investigate the incident and scrutinize how Microsoft’s missteps were not discovered during external audits required for government contractors. Wyden also criticized Microsoft’s response to the SolarWinds hacking campaign and slammed the White House for not ordering the Cyber Safety Review Board to examine the SolarWinds incident.
Wyden’s concerns stem from the possibility that Microsoft’s poor data security practices around encryption keys may have contributed to the recent email hack. The incident has sparked growing concern, as researchers noted that the stolen encryption keys could have granted hackers even more access to other U.S. government systems.
While Microsoft and National Security Agency Director of Cybersecurity Rob Joyce attributed the hack to Chinese government actors, the Chinese Embassy vehemently denied any involvement. Other U.S. senators have also requested the State Department to investigate the incident, highlighting the gravity of the situation. Microsoft has made significant changes to the exploited system and is offering wider access to tools to help identify similar hacks in the future.