(Reuters) – The U.S. Cybersecurity Review Board is expected to release a report detailing Microsoft’s (NASDAQ:) lapses that led to China’s targeted hacking of the emails of senior U.S. government officials last year, the Washington Post reported on Tuesday.
The intrusion, which raided the Microsoft Exchange Online mailboxes of 22 organizations and more than 500 individuals around the world, was “preventable” and “should never have happened,” the Washington Post reported, citing a report.
“While no organization is immune to cyberattacks from well-resourced attackers, we have mobilized our engineering teams to identify and mitigate legacy infrastructure, improve processes, and ensure compliance with security standards,” Microsoft said.
“Our security engineers continue to protect all of our systems from attack and are implementing even more robust sensors and logs to help us detect and defeat our adversaries’ cyber armies. We will also review the final report for additional recommendations,” it added.
The Cybersecurity Review Board did not immediately respond to a Reuters request for comment.
Last year, the tech giant said the Chinese hack of senior US State and Commerce officials was the result of a Microsoft engineer’s corporate account being compromised by a hacking group dubbed Storm-0558.
The hack is believed to have stolen hundreds of thousands of emails from senior US officials, including Commerce Secretary Gina Raimondo, US Ambassador to China Nicholas Burns and Assistant Secretary of State for East Asia Daniel Kritenbrink.
The Cybersecurity Review Board report blamed poor cybersecurity practices, weak corporate culture and a deliberate lack of transparency about what Microsoft knew about the reasons for the hack, according to the Washington Post.