Exclusive: The US Air Force confirmed it's investigating a "privacy-related issue" amid reports of a Microsoft SharePoint-related breach and subsequent service-wide shutdown, rendering mission files and other critical tools potentially unavailable to service members.
"The Department of the Air Force is aware of a privacy-related issue," an Air Force spokesperson told The Register on Wednesday, while declining to answer specific questions about the alleged digital intrusion.
"The preliminary investigation is ongoing, and we are assessing the scope of any concerns and any necessary required remediation," the spokesperson added. "We are in the process of evaluating technical remediation solutions and will act as appropriate. Compliance with the Privacy Act and identifying a solution for this technical problem is critical to the DAF to ensure warfighter readiness and lethality."
The Air Force's confirmation follows what looks like a breach notification, shared with The Register and on social media, that purports to come from the Air Force Personnel Center Directorate of Technology and Information.
"This message is to inform you of a critical Personally Identifiable Information (PII) and Protected Health Information (PHI) exposure related to USAF SharePoint Permissions," the notice says. "As a result of this breach, all USAF SharePoints will be blocked Air Force-wide to protect sensitive information."
Two other Microsoft services, Teams and Power BI dashboards, will also allegedly be blocked because both access SharePoint, the alert continued, adding that restoration may take up to two weeks.
It's unclear what services, if any, are offline right now. A DAF spokesperson said that the military branch "cannot confirm" that SharePoint and Teams have been disabled. Another person we spoke to on the phone claimed that they were "using it right now" when asked about SharePoint on Tuesday.
A Microsoft spokesperson told The Register that Redmond "has nothing to share at this time," and declined to answer our specific questions, including whether the Air Force security snafu is related to July's SharePoint fiasco.
Chinese government spies, data thieves, and at least one ransomware gang exploited a couple of SharePoint vulnerabilities over the summer, allowing them to hijack on-premises SharePoint servers belonging to more than 400 organizations and remotely execute code.
The targets included a "major Western government," according to Check Point Research.
While it's unclear if the SharePoint attacks victimized any US government agencies or military branches, Microsoft's earlier security failings have directly affected Uncle Sam - which continues to funnel billions of dollars into Redmond's coffers.
Also this summer, an investigation exposed Microsoft's use of China-based employees to support DoD cloud services. The Pentagon then launched a review and later banned the practice.
Both Russian and Chinese government snoops broke into Microsoft systems in recent years, giving Beijing access to government emails and other important, supposedly secret stuff, prompting a lashing from the feds for a "cascade" of "avoidable errors." ®