The Washington PostDemocracy Dies in Darkness

Microsoft faulted for ‘cascade’ of failures in Chinese hack

The independent Cyber Safety Review Board’s report knocks the tech giant for shoddy cybersecurity practices, lax corporate culture and a deliberate lack of transparency

By
and 
Updated April 2, 2024 at 6:18 p.m. EDT|Published April 2, 2024 at 4:00 p.m. EDT
A woman walks by the Microsoft office building in Beijing on July 20, 2021. (Andy Wong/AP)
10 min

A review board, mandated by President Biden, issued a scathing report Tuesday detailing lapses by the tech giant Microsoft that led to a targeted Chinese hack last year of top U.S. government officials’ emails, including those of Commerce Secretary Gina Raimondo.

The Cyber Safety Review Board’s report, a copy of which The Post obtained before its official release, takes aim at shoddy cybersecurity practices, lax corporate culture and a deliberate lack of transparency over what Microsoft knew about the origins of the breach. It is a blistering indictment of a tech titan whose cloud infrastructure is widely used by consumers and governments around the world.