TechRadar
Sead Fadilpašić

US Air Force investigating data breach caused by Microsoft SharePoint issue

  • US Air Force investigating SharePoint breach exposing PII and PHI across its systems
  • Chinese-linked groups exploited SharePoint flaws
  • Microsoft and US authorities are actively investigating the scope and impact of the breach

The US Air Force is reportedly investigating a potential data breach caused by a Microsoft SharePoint issue.

A report from The Register revealed that the Air Force Personnel Center Directorate of Technology and Information issued a data breach notification that was shared on social media.

"This message is to inform you of a critical Personally Identifiable Information (PII) and Protected Health Information (PHI) exposure related to USAF SharePoint Permissions," the warning reads. "As a result of this breach, all USAF SharePoints will be blocked Air Force-wide to protect sensitive information."

Big names

The Register reported Microsoft Teams and Power BI dashboards should also be blocked since they access SharePoint, but this information is unconfirmed at this time.

"The Department of the Air Force is aware of a privacy-related issue," an Air Force spokesperson told The Register.

Further information is scarce right now, with few details on who the threat actors are and what they sought to achieve.

Obviously, most fingers are now being pointed towards China, following reports in early July 2025 that Microsoft had confirmed three Chinese-affiliated hacking groups exploited vulnerabilities in on-prem SharePoint servers.

The groups, called Linen Typhoon, Violet Typhoon, and Storm-2603, targeted flaws that allowed authentication bypass and remote code execution, which enabled them to steal sensitive data such as MachineKey information.

These exploits affected at least two US federal agencies and numerous other organizations globally. The situation is being actively investigated by both Microsoft and US authorities.

However, we should also not forget Russian state-sponsored groups, which have the skills and the infrastructure to pull off this kind of attack, and have done so in the not-too-distant past as well.

Previously, Microsoft faced US government fire over its lax cybersecurity approach, which even forced it to change how it operated - let’s see if this time it is any different.
