There has been a breach in Microsoft's email system that has impacted multiple U.S. agencies, the company revealed.
U.S. officials and thetech giant said state-backed Chinese hackers broke into some of Microsoft's customers email accounts to gather intelligence on 25 organizations globally.
Microsoft says the hack started in mid-May and went undetected until mid-June, when the State Department noticed a small number of individuals at an unspecified number of U.S. agencies were targeted and their emails were breeched.
According to the Washington Post, one of the officials targeted was Commerce Secretary Gina Raimondo, as well as officials from the State Department.
The U.S. Cybersecurity and Infrastructure Security Agency, along with the FBI and Microsoft, concluded the hackers managed to gain access by impersonating authorized users.
Lawmakers claim Meta, Google had access to taxpayers' information
Democratic members of Congress issued a report indicating companies like H&R Block and TaxSlayer were "reckless" with personal information.
"They did this by using forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key. Microsoft has completed mitigation of this attack for all customers," the tech giant said.
This is not the first time this has happened. In May, Microsoft reported that Chinese hackers tried to disrupt communications between the U.S. and its Five Eyes allies — Canada, New Zealand, Australia and the U.K.
While the full scope of the hack is still being investigated, Microsoft says the hackers are now contained, the data taken was unclassified, and the U.S. CIS is requesting organizations report any suspicious activity moving forward.
