In a letter released Thursday, Wyden said "even with the limited details that have been made public so far, Microsoft bears significant responsibility for this new incident."

The FTC, the Justice Department, and the Cybersecurity Agency - known as CISA - did not immediately respond to requests seeking comment. In a statement, Microsoft did not respond directly to Wyden's allegation but said would "work directly with government agencies on this issue, and maintain our commitment to continue sharing information."

Microsoft has been under increasing scrutiny following revelations that hackers allegedly operating on Beijing's behalf got hold of one of its cryptographic keys and took advantage of a coding flaw to win sweeping access to the company's cloud email platform. That access was used to spy on the communications of Commerce Secretary Gina Raimondo and senior State Department diplomats.

On Friday The Wall Street Journal reported that Beijing-linked hackers accessed the email account of the U.S. ambassador to China in an espionage operation thought to have compromised at hundreds of thousands of U.S. government emails.

In his letter, Wyden called on CISA to get the Cyber Safety Review Board - an air accident investigation-style body - to open an inquiry into the hack. He also called on the Department of Justice to see "whether Microsoft's negligent practices violated federal law" and on the FTC to investigate whether the incident overlapped with 20-year-long consent degree that expired in late 2022.

News of Wyden's letter was first reported by the Journal.

(Reporting by Raphael Satter; Editing by Chizu Nomiyama)

[© 2023 Thomson Reuters. All rights reserved.]

Copyright 2022 Reuters. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.  Thompson Reuters is solely responsible for this content.

Back to top