In its report published this week, the Cyber Safety Review Board (CSRB) says that the June 2023 online breach by Chinese threat actors who accessed U.S. government emails right before Secretary of State Anthony Blinken was to visit China, was “preventable”.

“[The report] identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management, at odds with the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations,” the report says.

The CSRB urges Microsoft to develop and “publicly share” a plan with specific timelines to make fundamental, security-focused reforms across the company and its suite of products.