The US Air Force confirmed a privacy-related breach involving Microsoft SharePoint that exposed Personally Identifiable Information (PII) and Protected Health Information (PHI) due to misconfigured permissions. The incident triggered an Air Force-wide shutdown of SharePoint, along with Teams and Power BI dashboards, disrupting access to mission-critical files and operational tools for service members. Restoration efforts may take up to two weeks, severely impacting military workflows. The breach aligns with prior SharePoint vulnerabilities exploited by Chinese government spies and ransomware gangs, raising concerns over foreign espionage risks. While Microsoft declined to comment, past incidents, including China-based employees handling DoD cloud services, highlight systemic security lapses. The exposure of sensitive military personnel data poses national security threats, compounded by potential operational disruptions in a high-stakes defense environment.
Source: https://www.theregister.com/2025/10/01/us_air_force_investigates_breach/
TPRM report: https://www.rankiteo.com/company/us-dept-of-the-air-force
"id": "us-3002530100225",
"linkid": "us-dept-of-the-air-force",
"type": "Breach",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Air Force service members '
                                              '(scope unclear)',
                        'industry': 'Defense',
                        'location': 'United States',
                        'name': 'United States Air Force (USAF)',
                        'type': 'Government/Military'}],
 'attack_vector': ['SharePoint Permissions Misconfiguration',
                   'Potential Exploitation of SharePoint Vulnerabilities '
                   '(unconfirmed)'],
 'data_breach': {'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (PII and PHI)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)']},
 'date_publicly_disclosed': '2023-10-18',
 'description': 'The US Air Force confirmed it is investigating a '
                "'privacy-related issue' following reports of a Microsoft "
                'SharePoint-related breach. The incident led to a service-wide '
                'shutdown of SharePoint, Teams, and Power BI dashboards, '
                'potentially rendering mission files and critical tools '
                'unavailable. The breach involved exposure of Personally '
                'Identifiable Information (PII) and Protected Health '
                'Information (PHI) due to SharePoint permissions issues. '
                'Restoration efforts may take up to two weeks. The incident '
                'follows summer 2023 exploits of SharePoint vulnerabilities by '
                'Chinese government spies, data thieves, and ransomware gangs, '
                'though direct links to this incident remain unconfirmed.',
 'impact': {'brand_reputation_impact': 'Moderate (public disclosure of breach '
                                       'and service disruption in a '
                                       'high-profile military branch)',
            'data_compromised': ['Personally Identifiable Information (PII)',
                                 'Protected Health Information (PHI)'],
            'downtime': 'Up to 2 weeks (estimated restoration time)',
            'identity_theft_risk': 'High (PII and PHI exposure)',
            'operational_impact': ['Mission files potentially unavailable',
                                   'Critical tools inaccessible to service '
                                   'members',
                                   'Disruption of collaboration and '
                                   'data-sharing platforms'],
            'systems_affected': ['Microsoft SharePoint (Air Force-wide '
                                 'shutdown)',
                                 'Microsoft Teams (potential shutdown)',
                                 'Power BI dashboards (potential shutdown)']},
 'investigation_status': 'Ongoing (US Air Force investigating)',
 'references': [{'date_accessed': '2023-10-18',
                 'source': 'The Register',
                 'url': 'https://www.theregister.com/2023/10/18/us_air_force_sharepoint_breach/'},
                {'source': 'Check Point Research (Summer 2023 SharePoint '
                           'Exploits)'}],
 'response': {'communication_strategy': ['Internal breach notification via Air '
                                         'Force Personnel Center',
                                         'Public confirmation to media (The '
                                         'Register)'],
              'containment_measures': ['Air Force-wide shutdown of SharePoint',
                                       'Blockage of Teams and Power BI (due to '
                                       'SharePoint dependency)'],
              'incident_response_plan_activated': 'Yes (investigation '
                                                  'confirmed)',
              'recovery_measures': ['Restoration of services (estimated 2 '
                                    'weeks)']},
 'stakeholder_advisories': ['Internal breach notification issued by Air Force '
                            'Personnel Center'],
 'title': 'US Air Force Investigates Privacy-Related SharePoint Breach and '
          'Service-Wide Shutdown',
 'type': ['Data Breach', 'Privacy Incident', 'Service Disruption'],
 'vulnerability_exploited': ['SharePoint Permissions Issue',
                             'Potential CVE-2023-29357 (SharePoint RCE, linked '
                             'to summer 2023 exploits)']}