The US Air Force confirmed it’s investigating a “privacy-related issue” amid reports of a Microsoft SharePoint-related breach and subsequent service-wide shutdown, rendering mission files and other critical tools potentially unavailable to service members.
“The Department of the Air Force is aware of a privacy-related issue,” an Air Force spokesperson told The Register on Wednesday, while declining to answer specific questions about the alleged digital intrusion.
The Air Force’s confirmation follows what looks like a breach notification, shared with The Register and on social media, that purports to come from the Air Force Personnel Center Directorate of Technology and Information.
“This message is to inform you of a critical Personally Identifiable Information (PII) and Protected Health Information (PHI) exposure related to USAF SharePoint Permissions,” the notice says. “As a result of this breach, all USAF SharePoints will be blocked Air Force-wide to protect sensitive information.”
Two other Microsoft services, Teams and Power BI dashboards, will also allegedly be blocked because both access SharePoint, the alert continued, adding that restoration may take up to two weeks.
It’s unclear what services, if any, are offline right now. A DAF spokesperson said that the military branch “cannot confirm” that SharePoint and Teams have been disabled. Another person we spoke to on the phone claimed that they were “using it right now” when asked about SharePoint on Tuesday.
A Microsoft spokesperson told The Register that Redmond “has nothing to share at this time,” and declined to answer our specific questions including if the Air Force security snafu is related to July’s SharePoint fiasco.
Chinese government spies, data thieves, and at least one ransomware gang exploited a couple of SharePoint vulnerabilities over the summer, allowing them to hijack on-premises SharePoint servers belonging to more than 400 organizations and remotely execute code.
[…]
Source: Air Force admits SharePoint privacy issue; reports of breach • The Register
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft