Recent phishing attack targets select Microsoft employees

Recently, a select number of Microsoft employees’ social media and email accounts were subjected to targeted phishing attacks. This type of attack is not uncommon, and many companies grapple with phishing attempts from cybercriminals (visit www.microsoft.com/sir).

While our investigation continues, we have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed.  It appears that documents associated with law enforcement inquiries were stolen.  If we find that customer information related to those requests has been compromised, we will take appropriate action.  Out of regard for the privacy of our employees and customers – as well as the sensitivity of law enforcement inquiries – we will not comment on the validity of any stolen emails or documents.

In terms of the cyberattack, we continue to further strengthen our security. This includes ongoing employee education and guidance activities, additional reviews of technologies in place to manage social media properties, and process improvements based on the findings of our internal investigation.

About the Author
Adrienne Hall

General Manager, Trustworthy Computing

Adrienne Hall is a General Manager in the Microsoft Trustworthy Computing group, where she leads a team of information technology (IT) professionals who are focused on the security, privacy, reliability, and accessibility of devices and services built on Microsoft technology. Read more »