US Representative Don Bacon said he is among those whose emails were hacked in an espionage campaign that Microsoft Corp. has attributed to China.
(Bloomberg) — US Representative Don Bacon said he is among those whose emails were hacked in an espionage campaign that Microsoft Corp. has attributed to China.
Bacon, a Republican from Nebraska and a strong advocate for US military support to Taiwan, posted on social media that the FBI had notified him that the Chinese Communist Party hacked into his personal and campaign emails over the course of a month, from May 15 to June 16.
“The CCP hackers utilized a vulnerability in the Microsoft software, and this was not due to ‘user error,’” he wrote on X, the social media platform formerly known as Twitter.
Bacon, a member of the House Armed Services Committee, received an email from Microsoft indicating he may have been hacked and advising him to change his password on June 16, according to Maggie Sayers, Bacon’s press secretary.
She said that following subsequent notification from the FBI that he had been hacked, Bacon determined emails relating to political strategy, fundraising and personal banking information may have been breached. As a former US Air Force intelligence officer, he is careful to avoid writing sensitive emails relating to China and Taiwan, she said.
Last month, Microsoft reported that China-based actors gained access to email accounts affecting about 25 organizations including government agencies and consumer accounts of individuals likely associated with these groups for espionage purposes.
US State Department has said it first noticed anomalous activity in June, in the weeks before Secretary of State Antony Blinken arrived in Beijing to meet with top officials, including Chinese President Xi Jinping. Commerce Secretary Gina Raimondo was among the US officials whose emails were breached. The emails of Nicholas Burns, US ambassador to China, were also breached, according to the Wall Street Journal.
Senator Ron Wyden, a Democrat from Oregon, last month called for the US to investigate Microsoft’s role in the breach and hold the company “responsible for its negligent cybersecurity practices.”
“Government emails were stolen because Microsoft committed another error,” Wyden said in a July 27 letter.
Since then, the Department of Homeland Security announced that a US cybersecurity advisory panel will investigate malicious targeting of cloud computing environments. The panel will also look into Microsoft’s role in the recent breach.
The review by the Cyber Safety Review Board, which was created by the Biden administration to investigate major cybersecurity events, will focus on approaches cloud service providers, the government and industry should employ to strengthen identity management and authentication in the cloud, according to DHS.
The FBI didn’t immediately reply to a request for comment. China’s Foreign Ministry has described claims about the hacking campaign as “false information”.
Bacon posted on X that he would “work overtime” to ensure US weapons sales to Taiwan go ahead. The hack of Bacon’s emails was previously reported by the Washington Post.
As for why he was hacked, Bacon wrote, “I stand against the Uighur genocide and abuses in Tibet and Hong Kong. And, I support an independent Taiwan.”
More stories like this are available on bloomberg.com
©2023 Bloomberg L.P.