Review board to issue report detailing Microsoft’s lapses in China hack, Washington Post reports

(Reuters) -The U.S. Cyber Safety Review Board is expected to issue a report detailing lapses by Microsoft that led to a targeted Chinese hack of top U.S. government officials’ emails last year, the Washington Post reported on Tuesday.

The intrusion, which ransacked the Microsoft Exchange Online mailboxes of 22 organizations and more than 500 individuals around the world, was “preventable” and “should never have occurred”, the Washington Post said, citing the report.

Microsoft and the Cyber Safety Review Board did not immediately respond to Reuters’ requests for comment.

Last year, the tech giant said the Chinese hack of senior officials at the U.S. State and Commerce departments stemmed from the compromise of a Microsoft engineer’s corporate account penetrated by a hacking group it dubbed Storm-0558.

The hack is alleged to have stolen hundreds of thousands of emails from top American officials including Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns and Assistant Secretary of State for East Asia Daniel Kritenbrink.

The Cyber Safety Review Board’s report blames shoddy cybersecurity practices, lax corporate culture and a deliberate lack of transparency over what Microsoft knew about the origins of the breach, according to the Washington Post.

(Reporting by Mehnaz Yasmin in Bengaluru; Editing by Maju Samuel)