On July 11, 2023, Microsoft disclosed that a group of Chinese hackers had broken into some of its customers’ email systems to gather intelligence. The hackers, who Microsoft identified as Storm-0558, were able to gain access to the accounts of government agencies and individuals in the United States and Europe.
The hackers exploited a vulnerability in Microsoft’s cloud email service to gain access to the accounts. They were then able to use stolen credentials to access other accounts. The hackers were able to steal a significant amount of data, including emails, documents, and other sensitive information.
Microsoft has since patched the vulnerability and blocked the hackers’ access to the affected accounts. However, the full extent of the damage is still unknown. The company is working with law enforcement to investigate the incident.
The Microsoft data breach is a reminder of the growing threat of cyberattacks from bad actors. It is important for businesses to take the necessary steps to not only protect their data from cyber threats but to also be prepared with a remediation plan should a breach take place.
This breach has set off warning alarms for many boards of directors.
Public company directors know their role is to perform oversight of the corporation. This includes reviewing the operating plans, going over financials, and the foundational responsibility of mitigating risk.
Many boards are now focusing on coming up the cybersecurity learning curve in anticipation of the proposed new SEC regulations on board of directors’ cyber compliance.