The Department of the Air Force confirmed it is investigating a “privacy-related issue,” an Air Force spokesperson told The Register on Wednesday, but declined to answer specific questions about an alleged digital intrusion reported to the publication.
The confirmation follows what the article says looks like a breach notification, shared on social media, that purports to come from the Air Force Personnel Center Directorate of Technology and Information.
The notice, quoted in the article, states: “This message is to inform you of a critical Personally Identifiable Information (PII) and Protected Health Information (PHI) exposure related to USAF SharePoint Permissions,” and says “As a result of this breach, all USAF SharePoints will be blocked Air Force-wide to protect sensitive information.” The alert also allegedly warned that Microsoft Teams and Power BI dashboards would be blocked because both access SharePoint and that restoration may take up to two weeks.
It was not clear which services, if any, were offline. A Department of the Air Force spokesperson said that the branch “cannot confirm” that SharePoint and Teams have been disabled, and the article says another person reported they were “using it right now.”
The article notes that earlier this summer Chinese government spies, data thieves and at least one ransomware gang exploited SharePoint vulnerabilities to hijack on-premises servers belonging to more than 400 organizations and execute code remotely, and that security firm Check Point Research said the targets included a “major Western government.”
The report also recalls recent scrutiny of Microsoft contracts and support practices, including a Pentagon review and a later ban on China-based staff supporting Department of Defense cloud services.