On January 17, 2024, Microsoft Corporation filed an amended Form 8-K/A with the U.S. Securities and Exchange Commission, updating on a cybersecurity incident initially reported on January 19, 2024. The incident involved unauthorized access by a nation-state threat actor, identified as Midnight Blizzard, to a small percentage of Microsoft employee email accounts, including those of senior leadership and cybersecurity personnel. Since the original filing, it was discovered that the actor had also targeted Microsoft's source code repositories and internal systems. Despite the ongoing and sophisticated nature of the attack, Microsoft has stated that there has been no material impact on its operations or financial condition. The company has increased security investments and coordination to defend against the threat and is working with federal law enforcement. Microsoft also posted a blog on March 8, 2024, providing further details on the incident and its response, assuring that customer-facing systems have not been compromised and that they are actively reaching out to affected customers.

On January 17, 2024, Microsoft Corporation filed an amended Form 8-K/A with the U.S. Securities and Exchange Commission, updating on a cybersecurity incident initially reported on January 19, 2024. The incident involved unauthorized access by a nation-state threat actor, identified as Midnight Blizzard, to a small percentage of Microsoft employee email accounts, including those of senior leadership and cybersecurity personnel. Since the original filing, it was discovered that the actor had also targeted Microsoft's source code repositories and internal systems. Despite the ongoing and sophisticated nature of the attack, Microsoft has stated that there has been no material impact on its operations or financial condition. The company has increased security investments and coordination to defend against the threat and is working with federal law enforcement. Microsoft also posted a blog on March 8, 2024, providing further details on the incident and its response, assuring that customer-facing systems have not been compromised and that they are actively reaching out to affected customers.