US Senator Wyden asks FTC, CISA, DOJ to ‘take action’ against Microsoft following hack

(Reuters) -Oregon Senator Ron Wyden has asked the Federal Trade Commission, the Cybersecurity and Infrastructure Security Agency and the Justice Department to ‘take action’ against Microsoft following a China-linked hack that reportedly resulted in the theft of thousands of government emails from top U.S. officials.

In a letter released Thursday, Wyden said “even with the limited details that have been made public so far, Microsoft bears significant responsibility for this new incident.”

The FTC, the Justice Department, and the Cybersecurity Agency – known as CISA – did not immediately respond to requests seeking comment. In a statement, Microsoft did not respond directly to Wyden’s allegation but said would “work directly with government agencies on this issue, and maintain our commitment to continue sharing information.”

Microsoft has been under increasing scrutiny following revelations that hackers allegedly operating on Beijing’s behalf got hold of one of its cryptographic keys and took advantage of a coding flaw to win sweeping access to the company’s cloud email platform. That access was used to spy on the communications of Commerce Secretary Gina Raimondo and senior State Department diplomats.

On Friday The Wall Street Journal reported that Beijing-linked hackers accessed the email account of the U.S. ambassador to China in an espionage operation thought to have compromised at hundreds of thousands of U.S. government emails.

In his letter, Wyden called on CISA to get the Cyber Safety Review Board – an air accident investigation-style body – to open an inquiry into the hack. He also called on the Department of Justice to see “whether Microsoft’s negligent practices violated federal law” and on the FTC to investigate whether the incident overlapped with 20-year-long consent degree that expired in late 2022.

News of Wyden’s letter was first reported by the Journal.

(Reporting by Raphael Satter; Editing by Chizu Nomiyama)

tagreuters.com2023binary_LYNXMPEJ6Q0SO-VIEWIMAGE

tagreuters.com2023binary_LYNXMPEJ6Q0SR-VIEWIMAGE