The Chinese hackers who in July breached the email accounts of multiple government officials, including Commerce Secretary Gina Raimondo, stole 60,000 emails from just ten employees of the US State Department, the New York Times reported.
The shocking volume of the theft was revealed on Wednesday when Senate staffers were briefed on the July hack.
According to a staffer from Missouri Senator Eric Schmitt’s office who attended the briefing, the 60,000 stolen emails were from ten State Department accounts. Nine of those accounts belong to State Department employees working on Pacific and East Asian affairs while the tenth account belonged to an employee working the European desk, Reuters reported.
The hack of the Microsoft-based email accounts at Commerce and State was first revealed in July. However, neither Microsoft nor US officials would say at the time how many accounts were breached or how many emails were accessed.
While Washington has not officially blamed China for the July hack, several US officials, including Secretary Raimondo, have suggested that Beijing was behind it.
Using a stolen Microsoft certificate, the hackers penetrated the State Department accounts, Biden officials told the staffers. In total, the stolen certificate was used to hack 25 government agencies and organizations.
In a statement obtained by Reuters, Senator Eric Schmitt (R-MO) said after Wednesday’s briefing that the federal government must “harden our defenses” against cyberattacks and examine whether its “reliance on a single vendor” could be a “potential weak point.”
Schmitt added that he would press administration officials for answers on how to ensure that “nefarious actors” like China cannot “gain access to the federal government’s most sensitive information.”
Since the July breach, Microsoft has faced criticism over its security practices. The company said in early September that the group behind the hack, Storm-0558, broke into webmail accounts using its Outlook service.