White House: Microsoft security breach is 'active threat' possibly with 'large number of victims'

Press secretary urged data managers to "act now" to address breach.

Updated: March 5, 2021 - 5:20pm

The Facts Inside Our Reporter’s Notebook

The White House warned on Friday that recent reported data breaches of Microsoft servers constitute an "active threat" to which data managers should immediately respond in order to protect sensitive user information. 

Microsoft this week said in a security center blog post that it was releasing "several security updates for Microsoft Exchange Server to address vulnerabilities that have been used in limited targeted attacks."

The company did not clarify explicitly what kinds of attacks had occurred, though White House National Security Adviser Jake Sullivan in a Thursday tweet warned of "reports of potential compromises of U.S. think tanks and defense industrial base entities." According to The Hill, the breach was "reportedly carried out by Chinese hackers." 

At a Friday press conference, White House Press Secretary Jen Psaki warned that the data breaches constitute "a significant vulnerability" and an "active threat."

"[E]veryone running these servers, government, private sector, academia needs to act now to patch them," she said.

"We are concerned that there are a large number of victims and are working with our partners to understand the scope of this," she added. So it's an ongoing process." 

Psaki noted that the situation was "still developing," but added: "We urge network operators to take it very seriously."

Microsoft said its Exchange Server platforms from 2013, 2016 and 2019 were affected by the vulnerabilities.