Microsoft has admitted that a number of legal documents were stolen during recent phishing attacks on its staff and company accounts.
The firm has been hit repeatedly by the Syrian Electronic Army in recent weeks, with both Microsoft's blogs and Skype accounts hit during the attacks.
The company has now provided more insight into the effect of these attacks, with Adrienne Hall, general manager for Trustworthy Computing Group, explaining in a blog post that it would be talking to those affected as more information comes to light.
"We have learned that there was unauthorised access to certain employee email accounts, and information contained in those accounts could be disclosed. It appears that documents associated with law enforcement inquiries were stolen," she wrote.
"If we find that customer information related to those requests has been compromised, we will take appropriate action. Out of regard for the privacy of our employees and customers – as well as the sensitivity of law enforcement inquiries – we will not comment on the validity of any stolen emails or documents."
Hall also confirmed that Microsoft is stepping up its efforts to beat cyber criminals, including better staff training and awareness of the threats they face.
"We continue to further strengthen our security," she said. "This includes ongoing employee education and guidance activities, additional reviews of technologies in place to manage social media properties, and process improvements based on the findings of our internal investigation."
The incident underlines the perils facing busineses of all sizes – and the need for strong passwords and staff education – with even a tech giant such as Microsoft caught out by cyber attacks and phishing scams.
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software