US Air Force investigating data breach caused by Microsoft SharePoint issue
Personal and health information reportedly taken

- US Air Force investigating SharePoint breach exposing PII and PHI across its systems
- Chinese-linked groups exploited SharePoint flaws
- Microsoft and US authorities are actively investigating the scope and impact of the breach

The US Air Force is reportedly investigating a potential data breach caused by a Microsoft SharePoint issue.
A report from The Register revealed the Air Force Personnel Center Directorate of Technology and Information issued a data breach notification shared on social media.
"This message is to inform you of a critical Personally Identifiable Information (PII) and Protected Health Information (PHI) exposure related to USAF SharePoint Permissions," the warning reads. "As a result of this breach, all USAF SharePoints will be blocked Air Force-wide to protect sensitive information."
Big names
The Register reported Microsoft Teams and Power BI dashboards should also be blocked since they access SharePoint, but this information is unconfirmed at this time.
"The Department of the Air Force is aware of a privacy-related issue," an Air Force spokesperson told The Register.
Further information is scarce right now, with little known about who the threat actors are and what they sought to achieve.
Obviously, most fingers are now being pointed towards China, following reports in early July 2025 that Microsoft had confirmed three Chinese-affiliated hacking groups exploited vulnerabilities in on-prem SharePoint servers.
The groups, called Linen Typhoon, Violet Typhoon, and Storm-2603, targeted flaws that allowed authentication bypass and remote code execution, which enabled them to steal sensitive data such as MachineKey information.
These exploits affected at least two US federal agencies and numerous other organizations globally. The situation is being actively investigated by both Microsoft and US authorities.
However, we should also not forget Russian state-sponsored groups, who have the skills and the infrastructure to pull this kind of attack off, and have done so in the not-too-distant past as well.
Previously, Microsoft faced US government fire over its lax cybersecurity approach, which even forced it to change how it operated - let’s see if this time it is any different.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.