The U.S. Department of Justice, Cybersecurity and Infrastructure Security Agency, and Federal Trade Commission have been urged by Sen. Ron Wyden, D-Ore., to look into the negligence of Microsoft in the recent Chinese state-sponsored hacking of the email accounts of leading officials, including U.S. Commerce Secretary Gina Raimondo, according to The Record, a news site by cybersecurity firm Recorded Future.
Wyden asked CISA Director Jen Easterly to enlist the Cyber Safety Review Board to lead the investigation, and pushed the board to examine how Microsoft's security lapses went unidentified in external audits.
Meanwhile, Wyden called on Attorney General Merrick Garland and FTC Chair Lina Khan to examine Microsoft's possible violations of federal law and the cybersecurity consent decree, respectively.
"Government emails were stolen because Microsoft committed another error. Holding Microsoft responsible for its negligence will require a whole-of-government effort," wrote Wyden in a letter to the agencies.
Wyden's request comes after reports that the stolen encryption keys leveraged in the attack could have enabled a more extensive compromise, a claim Microsoft denied.