US Senator Wyden asks FTC, CISA, DOJ to 'take action' against Microsoft following hack

Send a link to a friend  Share

[July 28, 2023]  (Reuters) -Oregon Senator Ron Wyden has asked the Federal Trade Commission, the Cybersecurity and Infrastructure Security Agency and the Justice Department to 'take action' against Microsoft following a China-linked hack that reportedly resulted in the theft of thousands of government emails from top U.S. officials. 

Senator Ron Wyden (D-OR) speaks during the Senate Finance Committee hearing on the nomination of Chris Magnus to be the next U.S. Customs and Border Protection commissioner, in the Dirksen Senate Office Building on Capitol Hill in Washington, DC, U.S., October 19, 2021. Mandel Ngan/Pool via REUTERS/File Photo

In a letter released Thursday, Wyden said "even with the limited details that have been made public so far, Microsoft bears significant responsibility for this new incident."

The FTC, the Justice Department, and the Cybersecurity Agency - known as CISA - did not immediately respond to requests seeking comment. In a statement, Microsoft did not respond directly to Wyden's allegation but said would "work directly with government agencies on this issue, and maintain our commitment to continue sharing information."

Microsoft has been under increasing scrutiny following revelations that hackers allegedly operating on Beijing's behalf got hold of one of its cryptographic keys and took advantage of a coding flaw to win sweeping access to the company's cloud email platform. That access was used to spy on the communications of Commerce Secretary Gina Raimondo and senior State Department diplomats.

On Friday The Wall Street Journal reported that Beijing-linked hackers accessed the email account of the U.S. ambassador to China in an espionage operation thought to have compromised at hundreds of thousands of U.S. government emails.

In his letter, Wyden called on CISA to get the Cyber Safety Review Board - an air accident investigation-style body - to open an inquiry into the hack. He also called on the Department of Justice to see "whether Microsoft's negligent practices violated federal law" and on the FTC to investigate whether the incident overlapped with 20-year-long consent degree that expired in late 2022.

News of Wyden's letter was first reported by the Journal.

(Reporting by Raphael Satter; Editing by Chizu Nomiyama)

[© 2023 Thomson Reuters. All rights reserved.]

Copyright 2022 Reuters. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.  Thompson Reuters is solely responsible for this content.

 

 

Back to top