{"schema_version":"secwatch.filing_event.v1","accession":"0001193125-24-011295","form_type":"8-K","ticker":"MSFT","cik":"0000789019","company_name":"MICROSOFT CORP","filed_at":"2024-01-19T23:59:59+00:00","discovered_at":"2026-05-14T18:03:26.925882+00:00","generated_at":"2026-06-06T21:37:14.079774+00:00","sec_items":["1.05","7.01","9.01"],"event_type":"cyber","sentiment":"negative","materiality_score":0.75,"calibrated_materiality_score":0.75,"confidence":"high","headline":"Microsoft detects nation-state attack on corporate email; exfiltrated data from senior leadership accounts","bullets":["Threat actor Midnight Blizzard (Nobelium) accessed a very small percentage of employee email accounts via password spray on a legacy test tenant.","Exfiltrated emails and attachments from senior leadership, cybersecurity, legal, and other functions; no customer or production system access.","Access discovered Jan 12, 2024; removed Jan 13; investigation ongoing; company cooperating with law enforcement.","Microsoft says incident has not had a material impact on operations; financial impact not yet determined.","Company pledges to accelerate security standards for legacy systems, may cause disruption to existing business processes."],"urls":{"canonical":"https://secwatch.observer/filing/0001193125-24-011295","json":"https://secwatch.observer/filing/0001193125-24-011295.json","markdown":"https://secwatch.observer/filing/0001193125-24-011295.md","text":"https://secwatch.observer/filing/0001193125-24-011295.txt","edgar_index":"https://www.sec.gov/Archives/edgar/data/789019/000119312524011295/0001193125-24-011295-index.htm","edgar_primary_document":"https://www.sec.gov/Archives/edgar/data/789019/000119312524011295/d708866d8k.htm"},"model":{"generated_by":"deepseek-v4-flash:cloud@v2","generated_at":"2026-06-06T21:37:14.079774+00:00"},"review":{"review_status":"machine_generated","human_reviewed":false,"corrected":false,"correction_note":null,"correction_timestamp":null,"superseded_by":null,"related_filings":[]},"source_grounded_claims":[{"claim_id":"64259f373d461559b156cb2a254dfa554e7c7d2a","claim":"MICROSOFT CORP disclosed a cybersecurity incident: A nation-state associated threat actor gained access to and exfiltrated information from a very small percentage of employee email accounts, including members of senior leadership and employees in cybersecurity, legal, and other functions. Impact: The incident has not had a material impact on operations; the Company has not yet determined whether it is reasonably likely to materially impact financial condition or results of operations. Materiality is still being assessed. Discovered 2024-01-12.","evidence_excerpt":"On January 12, 2024, Microsoft (the “Company” or “we”) detected that beginning in late November 2023, a nation-state associated threat actor had gained access to and exfiltrated information from a very small percentage of employee email accounts including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, on the basis of preliminary analysis.","evidence_source":"SEC 8-K Item 1.05","evidence_url":"https://www.sec.gov/Archives/edgar/data/789019/000119312524011295/0001193125-24-011295-index.htm","confidence":0.95,"family_label":"Cybersecurity Incidents","details":[{"label":"Nature","value":"A nation-state associated threat actor gained access to and exfiltrated information from a very small percentage of employee email accounts, including members of senior leadership and employees in cybersecurity, legal, and other functions."},{"label":"Impact","value":"The incident has not had a material impact on operations; the Company has not yet determined whether it is reasonably likely to materially impact financial condition or results of operations."},{"label":"Materiality","value":"assessing"},{"label":"Discovery","value":"2024-01-12"}],"fact_type":"cyber_incident"}],"license":"Source filings: public domain (SEC EDGAR). Summaries (headline + bullets): CC-BY-4.0; attribute https://secwatch.observer"}