Due to defects in software released by Microsoft, 38 million of users’ personal information leak occurred.
The DPA news agency reported on the 25th (local time) that a number of users’ names, addresses, phone numbers, and e-mails were leaked due to defects that appeared in Microsoft’s recently released business software “Power Apps.”
In addition, health-related information such as COVID19 contact route and vaccination was leaked.
Cybersecurity company Upgard, who discovered the flaw, told Microsoft on June 24 that it had not paid much attention.
UPGARD added that due to errors in setting personal information in the software in question, a pile of leaks occurred, with at least 47 companies and institutions affected.
In particular, CNN reported that user personal information was leaked not only from private companies that used the software in question but also from government agencies.
The leak list included Maryland’s Health Administration, New York’s Metropolitan Transportation Agency, American Airlines and Ford, and personal information of the employees has been floating for months, CNN said.
These companies have strengthened security, and there have been no circumstances to steal personal information.
MS issued a statement explaining that only a small number of users were allowed unauthorized access to data in the system, and later changed the software security settings in question.
Meanwhile, President Joe Biden invited CEOs of big-tech companies to hold talks at the White House to ask for cooperation from the private sector in cybersecurity.
MS CEO Satya Nadella, who attended the meeting, said she would invest $20 billion over five years to strengthen cybersecurity. The figure is four times larger than the current size, according to foreign media. After the meeting, MS CEO Nadella tweeted, adding that he would invest 150 million dollars (about 175 billion won) in improving the cybersecurity system of government agencies.
President Biden has recently shifted his foreign policy priorities to cyberattacks as well as federal government and companies in charge of the key industries have been hacked, including ransomware attacks.
Recently, all U.S. government agencies signed an administrative order requiring the introduction of a two-stage authentication system to log in to their accounts. In June, he also warned Russian President Vladimir Putin not to touch the list of infrastructure facilities in 16 areas.