US Air Force investigating data breach caused by Microsoft SharePoint issue

By Sead Fadilpašić

Copyright techradar

US Air Force investigating SharePoint breach exposing PII and PHI across its systems

Chinese-linked groups exploited SharePoint flaws

Microsoft and US authorities are actively investigating the scope and impact of the breach

The US Air Force is reportedly investigating a potential data breach caused by a Microsoft SharePoint issue.

A report from The Register revealed the Air Force Personnel Center Directorate of Technology and Information issued a data breach notification shared on social media.

“This message is to inform you of a critical Personally Identifiable Information (PII) and Protected Health Information (PHI) exposure related to USAF SharePoint Permissions,” the warning reads. “As a result of this breach, all USAF SharePoints will be blocked Air Force-wide to protect sensitive information.”

The Register reported Microsoft Teams and Power BI dashboards should also be blocked since they access SharePoint, but this information is unconfirmed at this time.

“The Department of the Air Force is aware of a privacy-related issue,” an Air Force spokesperson told The Register.

Further information is scarce right now, with little known about who the threat actors are or what they sought to achieve.

Obviously, most fingers are now being pointed towards China, following reports in early July 2025 that Microsoft had confirmed three Chinese-affiliated hacking groups exploited vulnerabilities in on-prem SharePoint servers.

The groups, called Linen Typhoon, Violet Typhoon, and Storm-2603, targeted flaws that allowed authentication bypass and remote code execution, which enabled them to steal sensitive data such as MachineKey information.

These exploits affected at least two US federal agencies and numerous other organizations globally. The situation is being actively investigated by both Microsoft and US authorities.

However, we should also not forget Russian state-sponsored groups, who have the skills and the infrastructure to pull off this kind of attack, and have done so in the not-too-distant past as well.

Previously, Microsoft faced US government fire over its lax cybersecurity approach, which even forced it to change how it operated – let’s see if this time it is any different.
