House committee asks Microsoft’s Brad Smith to attend hearing on security lapses

Brad Smith, vice chair and president of Microsoft, speaks at Gateway Technical College in Sturtevant, Wisconsin, on May 8, 2024.

Alex Wroblewski | Bloomberg | Getty Images

A House committee wants Microsoft’s top lawyer, Brad Smith, to attend a hearing this month on exploits of the company’s software that resulted in hackers obtaining U.S. government officials’ emails.

Politicians regularly request that technology companies send their leaders to Washington. The CEOs of Alphabet, Meta and TikTok have all answered questions from members of Congress in recent years. Microsoft, the world’s most valuable public company, sells subscriptions to email software that’s pervasive in business and government, making it an obvious target for hackers.

A proposed hearing before the House Committee on Homeland Security, at 10 a.m. ET on May 22 in Washington, would go over Microsoft’s response to China’s breach of U.S. government officials’ email accounts, which the company disclosed last summer. The attack involved accounts belonging to Commerce Secretary Gina Raimondo, Rep. Don Bacon, R-Neb., and Nicholas Burns, the U.S. ambassador to China.

But Smith might not necessarily show up at the time the committee requested in a letter it sent him on Thursday.

“We’re always committed to providing Congress with information that is important to the nation’s security, and we look forward to discussing the specifics of the best time and way to do this,” a Microsoft spokesperson told CNBC in an email on Thursday.

Last month, the Cyber Safety Review Board said in a 34-page report on the attack that “Microsoft’s customers would benefit from its CEO and board of directors directly focusing on the company’s security culture.”

Microsoft CEO Satya Nadella directed employees to put security first in a memo last week. The company announced operational changes that address shortcomings that the independent federal board identified in the report.

Charlie Bell, executive vice president for security, said Microsoft would “improve the accuracy, effectiveness, transparency, and velocity of public messaging and customer engagement” after the board expressed concern about the company not correcting an error in a corporate blog post for months.

In January, Microsoft reported another cyberattack. This time, Russian intelligence gained access to some of the company’s top executives’ email accounts.

Committee chairman Mark Green, R-Tenn., and Bennie Thompson, D-Miss., said in their letter inviting Smith to the hearing that they were encouraged by the company’s plans to overhaul its security practices. But they said the company’s failure to stop attacks put Americans at risk.

“Given the gravity of the issues discussed above and the need for thorough examination and oversight, it is critical that you appear before the committee,” Green and Thompson wrote.
