Microsoft cybersecurity

To Whom It May Concern:

Pursuant to the Freedom of Information Act, I hereby request the following records:

In June of 2023, State Department officials discovered that hackers linked to the Chinese government breached its systems using a vulnerability in Microsoft's software, according to media reports and public statements by Microsoft at the time (https://www.washingtonpost.com/national-security/2023/07/12/microsoft-hack-china/). Subsequently, in January of 2024, Microsoft disclosed that Russian nation-state hackers broke into its systems and stole customer secrets that were contained in emails between Microsoft and the customers (https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/).

Microsoft is the world's largest cybersecurity software provider by total sales, and one of the largest cybersecurity providers for the federal government, so it is in the public's interest to understand how the company responds to breaches that impact federal agency customers.

Therefore, I am requesting the following records:
- All digital and paper correspondence (such as electronic mail and paper mail) between CISA and representatives or employees from Microsoft Corporation from June 1, 2023 to present. Please include any attachments in responsive digital forms of correspondence.

The requested documents will be made available to the general public, and this request is not being made for commercial purposes.

In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 20 business days, as the statute requires.

Sincerely,

Aaron Holmes