Congressional Hearing on Microsoft’s Security Culture Post-SolarWinds Breach
Severity: High (Score: 75.0)
Sources: ramirez.house.gov, www.propublica.org, Cyberscoop, fedscoop.com, Ramirez.House
Summary
During a House Homeland Security Committee hearing on April 28, 2026, Microsoft faced scrutiny over its handling of security vulnerabilities that contributed to the SolarWinds cyberattack. A ProPublica investigation revealed that Microsoft ignored warnings from an engineer about a critical flaw that left millions, including federal employees, vulnerable. The breach, attributed to Russian hackers, is considered one of the largest in U.S. history. Microsoft President Brad Smith acknowledged the need for cultural change within the company, stating that security would now be a part of employee performance reviews. The Cyber Safety Review Board criticized Microsoft's security culture as 'inadequate,' prompting the company to tie executive bonuses to cybersecurity improvements. Meanwhile, Rep. Delia Ramirez criticized the Trump administration's cybersecurity policies and the impact of personnel cuts at the Cybersecurity and Infrastructure Security Agency (CISA). The hearing highlighted ongoing concerns about national cybersecurity and the effectiveness of current measures against sophisticated threats.
Key Points:
- Microsoft faced congressional criticism for its inadequate response to security vulnerabilities.
- The SolarWinds breach, exploited by Russian hackers, affected millions of users, including federal employees.
- Microsoft is implementing changes to prioritize security in its corporate culture and employee evaluations.
Key Entities
- Data Breach (attack_type)
- Department Of Treasury (company)
- SolarWinds (company)
- China (country)
- Government (industry)
- T1078 - Valid Accounts (mitre_attack)