Chinese hackers who breached Microsoft’s (MSFT.O) email platform this year managed to steal tens of thousands of emails from U.S. State Department accounts, a Senate staffer told on Wednesday.
The staffer, who attended a briefing by State Department IT officials, said the officials told lawmakers that 60,000 emails were stolen from 10 State Department accounts. Nine of those victims were working on East Asia and the Pacific and one worked on Europe, according to the briefing details shared via email by the staffer, who declined to be named.
In July, both U.S. authorities and Microsoft reported that hackers with suspected ties to the Chinese government had infiltrated approximately 25 organizations’ email accounts, including those of the U.S. Commerce and State Departments, starting in May. The full extent of the breach is still not fully known.
Accusations from the U.S. about China’s involvement in this breach have heightened tensions between the two nations, which were already strained, as Beijing has vehemently denied any involvement in the cyberattacks.
The State Department individuals whose accounts were compromised mostly focused on Indo-Pacific diplomacy efforts, and the hackers also obtained a list containing all of the department’s emails, according to the Wednesday briefing.
The sweeping hack has refocused attention on Microsoft’s outsize role in providing IT services to the U.S. government. The State Department has begun moving to “hybrid” environments with multiple vendor companies and improved uptake of multi-factor authentication, as part of measures to protect its systems, according to the officials at the briefing.
The hackers compromised a Microsoft engineer’s device, which allowed them to breach the State Department’s email accounts, according to the briefing.
Microsoft earlier this month said that a hack of senior officials at the U.S. State and Commerce Departments stemmed from the compromise of a Microsoft engineer’s corporate account.
“We need to harden our defenses against these types of cyberattacks and intrusions,” Schmitt said in a statement shared by the staffer.
“We need to take a hard look at the federal government’s reliance on a single vendor as a potential weak point,” he said.
A Microsoft spokesman did not have an immediate comment on the Senate briefing. The company, which has faced criticism over its security practices since the breaches, has said that the hacking group behind them – dubbed Storm-0558 – had broken into webmail accounts running on the firm’s Outlook service.
The State Department did not immediately return a message seeking comment on Wednesday, and Schmitt wasn’t available for an interview.