Officials from Microsoft say they now believe that some documents related to requests for information by law enforcement agencies were compromised in an attack targeting some of the company’s employees.
Earlier this month, members of the rogue hacktivist group the Syrian Electronic Army (SEA) used a phishing campaign to breach systems, allowing the attackers to access some of the company’s blogs, their Twitter accounts, and employee email accounts that contained the law enforcement communications.
“While our investigation continues, we have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed. It appears that documents associated with law enforcement inquiries were stolen,” wrote Adrienne Hall, General Manager of Microsoft’s Trustworthy Computing Group.
Thus far, Microsoft does not believe that any sensitive customer information was compromised in the breach, and the investigation into the attacks is continuing.
“If we find that customer information related to those requests has been compromised, we will take appropriate action. Out of regard for the privacy of our employees and customers – as well as the sensitivity of law enforcement inquiries – we will not comment on the validity of any stolen emails or documents,” Hall said.
Microsoft will redouble their security awareness efforts to combat phishing threats, as well as conducting an overview of company procedures and protocols.
“In terms of the cyberattack, we continue to further strengthen our security. This includes ongoing employee education and guidance activities, additional reviews of technologies in place to manage social media properties, and process improvements based on the findings of our internal investigation,” Hall continued.
Read More Here…