Instead, Microsoft feared it might lose its government contract by warning about the bug and allegedly downplayed the problem, choosing profits over security, ProPublica reported.

This apparent negligence led to one of the largest cyberattacks in US history, and officials’ sensitive data was compromised due to Microsoft’s security failures.

Even Microsoft itself was breached, with a Russian group accessing senior staff emails this year, including their “correspondence with government officials,” Reuters reported.

Smith described the SFI as “a multiyear endeavor” focusing all of Microsoft’s efforts developing products and services “on achieving the highest possible standards for security.”

He warned that online threats are always evolving but said that Microsoft was committed to grounding projects in core cybersecurity tenets that would prioritize security in product designs and ensure that protections are never optional and always enabled by default.

In 2021, Smith told Congress that “there was no vulnerability in any Microsoft product or service that was exploited” in that cyberattack, while arguing that “customers could have done more to protect themselves,” ProPublica reported.

Saved 79% of original text.