Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

Duke

Blog Incident database Request access

Loading database

Indexing incidents

Fetching SEC-disclosed cyber incidents and Duke's breach taxonomy…

Duke

Blog Incident database Request access

Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

Microsoft Corporation Nation State (2024) | SEC Cybersecurity Incident | Duke Security

Duke

Blog Incident database Request access

← Back to incidents

Incident · Nation State

Microsoft Corporation · MSFT

Information TechnologyUSAIncident January 12, 2024Filed January 19, 2024

Impact score

Business continuity

—

Insurance involved

Not disclosed

Filing

8-K · 1.05

Breach taxonomy

Nation StateData ExfilConfidential BizPersonal DataInfo Privacy Loss

Summary

Beginning in late November 2023, a nation-state associated threat actor gained unauthorized access to Microsoft employee email accounts, including members of senior leadership and cybersecurity and legal staff. The attacker exfiltrated information from a very small percentage of employee email accounts. Microsoft detected the intrusion on January 12, 2024 and removed the threat actor's access on or about January 13, 2024. As of the filing date, no material operational impact had been determined.

Tagging rationale

ThreatNation State

Filing explicitly states a nation-state associated threat actor had gained access — direct attribution to nation-state actor.

MethodsData Exfil

Filing confirms the threat actor gained access to and exfiltrated information from email accounts; no initial access vector is described in this initial disclosure.

Assets

Confidential BizPersonal Data

Filing discloses unauthorized access to and exfiltration of employee email accounts including senior leadership, cybersecurity, and legal staff — containing confidential business communications.

EffectsInfo Privacy Loss

Filing discloses exfiltration of email data with no operational disruption mentioned; the company states the incident has not had a material impact on operations.

Impact

Nation-state actor exfiltrated emails from a small percentage of employee accounts including senior leadership; no operational disruption disclosed, but sophistication and targeting of leadership is significant.

InsuranceNot disclosed

Filing makes no mention of insurance.

Read the original SEC filing excerpt

Item 1.05. Material Cybersecurity Incidents On January 12, 2024, Microsoft (the Company or we) detected that beginning in late November 2023, a nation-state associated threat actor had gained access to and exfiltrated information from a very small percentage of employee email accounts including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, on the basis of preliminary analysis. We were able to remove the threat actor's access to the email accounts on or about January 13, 2024. We are examining the information accessed to determine the impact of the incident. We also continue to investigate the extent of the incident. We have notified and are working with law enforcement. We are also notifying relevant regulatory authorities with respect to unauthorized access to personal information. As of the date of this filing, the incident has not had a material impact on the Company's operations. The Company has not yet determined whether the incident is reasonably likely to materially impact the Company's financial condition or results of operations.

View SEC filing Back to database

Get alerts on new incidents

Drop your email and we’ll let you know when fresh SEC disclosures land in the database. No spam.

More in Information Technology

Unknown · April 13, 2026

Itron, Inc.

Itron was notified on April 13, 2026 that an unauthorized third party had gained access to certain corporate systems. The company activated …

Unknown · November 1, 2025

Logitech International S.A.

Logitech experienced a cybersecurity incident in which an unauthorized third party exploited a zero-day vulnerability in a third-party softw…

Unknown · September 20, 2025

BK Technologies Corporation

On approximately September 20, 2025, BK Technologies Corporation detected suspicious activity involving its IT systems and launched an inves…

Unknown · August 29, 2025

EVERTEC, Inc.

On August 29, 2025, Sinqia S.A., a Brazilian subsidiary of EVERTEC, Inc., identified unauthorized activity in its Pix real-time payment envi…