House Oversight lawmakers to probe State Department email hack 

Leaders at the Departments of State and Commerce will have until Aug. 9 to provide further information about the intrusion to the GOP-led committee.
WASHINGTON, DC - JULY 27: Committee ranking member Rep. James Comer (R-KY) attends a House Oversight Committee hearing titled Examining the Practices and Profits of Gun Manufacturers in the Rayburn House Office Building. (Photo by Drew Angerer/Getty Images).

Lawmakers on the GOP-led House Committee on Oversight and Accountability on Wednesday announced an investigation into the recent hack that breached systems at the Department of State and Department of Commerce.

In letters to Secretary of State Antony Blinken and Secretary of Commerce Gina Raimondo, Reps. James Comer, R-Ky., Nancy Mace, R-S.C., and Glenn Grothman, R-Wis., are seeking further details about the breaches — in which nation-state hackers from China gained access to email accounts at the agencies by exploiting a vulnerability in Microsoft’s cloud services — amid concerns that they demonstrate a new level of sophistication from U.S. adversaries working to target the country with cyberattacks.

The lawmakers have requested the new information from federal officials by Aug. 9.

The lawmakers wrote: “We are also concerned that these attacks on federal agencies, which include at least the Department of Commerce and the Department of State, reflect a new level of skill and sophistication from China’s hackers.”


They added: “ To help the Subcommittees understand the discovery of the intrusion, impact of the intrusion at the Department, how the Department responded, and what the Department is doing to ensure the continued security of its email and overall information systems, we request a staff briefing as soon as possible but no later than August 9, 2023.”

The systems of at least the State Department and the Department of Commerce were compromised as part of a hacking campaign led by China, details of which were first reported last month by CNN.

The attack is understood to have resulted in the breach of email accounts of at least two-dozen organizations and was first discovered by the State Department, which subsequently reported the incident to Microsoft.

In a blog post last month, the software giant said that Chinese hackers had stolen one of its digital keys and used a “validation error in Microsoft code” to carry out a cyberespionage campaign.

Biden administration officials, security researchers and members of Congress have questioned the company’s commitment to security in the aftermath of the hack and why Microsoft is upselling customers for core security features.

Latest Podcasts