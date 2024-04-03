The Cyber Safety Review Board, established by the Biden administration, issued a scathing report on Tuesday criticizing Microsoft’s corporate security and transparency regarding a breach that allowed state-backed Chinese cyber operators to access email accounts of senior U.S. officials, including Commerce Secretary Gina Raimondo. The report highlighted shoddy cybersecurity practices, a lax corporate culture, and a lack of sincerity from Microsoft about its knowledge of the breach, which affected multiple U.S. agencies. The board concluded that Microsoft’s security culture was inadequate and called for an overhaul, emphasizing the company’s critical role in the global technology ecosystem. The panel made sweeping recommendations, including halting the addition of features to Microsoft’s cloud computing environment until substantial security improvements are made. Microsoft responded, stating it would continue to strengthen its systems against attacks and implement robust security measures. The breach, attributed to state-backed Chinese hackers, compromised the email accounts of 22 organizations and over 500 individuals globally, including the U.S. ambassador to China, Nicholas Burns. The board also expressed concerns about a separate hack attributed to state-backed Russian hackers, pointing to a corporate culture that deprioritized security investments and risk management. Microsoft acknowledged the need for a new culture of engineering security within its networks and stated it has mobilized its engineering teams to address security vulnerabilities.

