US Air Force Probes Suspected SharePoint Breach Exposing Sensitive Data
Published
- Privacy investigation: The U.S. Air Force is investigating a "privacy-related issue" following reports of a potential data breach.
- Service disruption: An unconfirmed notice announced a blockade of SharePoint, Microsoft Teams, and Power BI to protect sensitive information.
- Potential data exposure: The alleged breach involves the exposure of PII and PHI related to USAF SharePoint permissions.
The United States Air Force (USAF) is investigating a significant privacy issue amid reports of a potential data breach linked to its Microsoft SharePoint services. An Air Force spokesperson acknowledged awareness of a "privacy-related issue."Â
This development raises serious questions about military cybersecurity and the protection of sensitive personnel data.
Reports of Service Shutdown and Data Exposure
The investigation follows the circulation of a notice, reportedly from the Air Force Personnel Center, detailing a critical exposure of Personally Identifiable Information (PII).Â
According to this unconfirmed alert, the breach necessitated a force-wide shutdown of all USAF SharePoint sites to prevent further data compromise.
The alleged notice also stated that Microsoft Teams and Power BI dashboards would be blocked, as both services access the SharePoint infrastructure. The restoration of these services is reportedly expected to take up to two weeks.Â
However, the USAF spokesperson did not confirm that SharePoint and Teams had been disabled, nor did they provide specifics or the scope of the incident.
While an official confirmation of the service shutdown has not been provided, the potential disruption to mission-critical files and tools is substantial.
Broader Implications for Government Cybersecurity
This incident brings renewed focus on the security of third-party software platforms used by government and military agencies. It is unclear if this SharePoint privacy issue is connected to previous vulnerabilities that affected hundreds of organizations over the summer.Â
However, the event underscores the persistent threats facing federal IT systems and the critical need for robust security protocols to safeguard sensitive government information, including PII and Protected Health Information (PHI), from unauthorized access and exposure.Â
Microsoft has not provided specific comments on the situation at this time. The company’s August Patch Tuesday addressed critical flaws, including a vulnerability in SharePoint.
Microsoft said Chinese nation-state actors Linen Typhoon and Violet Typhoon and China-based threat actor Storm-2603 were seen exploiting these vulnerabilities in internet-facing SharePoint servers.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular