Congress Wants Microsoft’s Smith Testimony on Email Hacks

Billy House and Ellen M. Gilmer (BGOV), Bloomberg News

Brad Smith, president of Microsoft Corp., speaks at Gateway Technical College in Sturtevant, Wisconsin, US, on Wednesday, May 8, 2024. US President Joe Biden has touted bipartisan legislation on infrastructure and semiconductor subsidies the president says brought new investments to communities across the US and spurred a renaissance in domestic manufacturing, seeking to distinguish his record from Donald Trump, who he says watched as American jobs went to China. Photographer: Alex Wroblewski/Bloomberg , Bloomberg

(Bloomberg) -- A House committee has invited Brad Smith, Microsoft Corp.’s president, to testify about how the company is responding to hacks into US government officials’ Microsoft-powered email accounts and other breaches.

In a letter, the House Committee on Homeland Security’s top Republican and Democrat asked Smith to appear at a May 22 hearing focused on the company’s cybersecurity shortfalls and homeland security implications.

The lawmakers pointed to a March federal report that reviewed a 2023 compromise of the Microsoft Exchange Online mailboxes of 22 organizations and over 500 individuals around the world by a group “assessed to be affiliated with the People’s Republic of China in pursuit of espionage objectives.”

Among those compromised were senior US government representatives working on national security matters, the report showed. Those included Commerce Secretary Gina Raimondo, US Ambassador to the People’s Republic of China R. Nicholas Burns, and Representative Don Bacon, a Nebraska Republican on the Armed Services Committee.

Homeland Security Committee Chairman Mark Green of Tennessee and ranking panel Democrat Bennie Thompson of Mississippi said they are encouraged by Microsoft’s recent commitments to improve its cybersecurity practices. But they underscore there are “serious questions” about “an apparent lack of accountability and oversight.”

“It is imperative that Microsoft, which accounts for nearly 85 percent of the market share in the US government’s productivity software, be held to the same level of accountability as the rest of the US government’s trusted vendors,” they wrote.

In a statement, Microsoft said the company plans to cooperate with the committee but did not specify if Smith would appear on May 22.

“We’re always committed to providing Congress with information that is important to the nation’s security, and we look forward to discussing the specifics of the best time and way to do this,” it said in the statement.

(Updates with Microsoft response in final two paragraphs.)