Watchdog Group Asks DOJ to Investigate Microsoft’s Cybersecurity Record and Revolving Door Hiring of Senior Officials
A conservative watchdog group has asked the Department of Justice to formally investigate Microsoft’s cybersecurity practices and whether a string of former senior federal officials violated ethics and post-employment laws before taking jobs with the company or its lobbyists. The American Accountability Foundation filed the request Tuesday in a letter to acting Inspector General William Blier, naming seven former national security and law enforcement officials — including former Deputy Attorney General Lisa Monaco — and raising questions about whether the government ever held Microsoft accountable for a series of major breaches affecting federal systems.
Monaco at the Center of the Complaint
The complaint’s most prominent target is Lisa Monaco, who launched the DOJ’s Civil Cyber-Fraud Initiative in October 2021 — a program explicitly designed to pursue government contractors that knowingly misrepresented their cybersecurity posture. Monaco left the Justice Department in January 2025 and joined Microsoft as president of global affairs just four months later, in May 2025.
The AAF’s letter asks why the DOJ never used Monaco’s own initiative to pursue Microsoft, despite a succession of high-profile breaches involving Microsoft products and federal networks occurring on her watch.
A Pattern of Serious Breaches
The foundation’s complaint centers on four major cyber incidents between 2019 and 2023 that compromised sensitive government systems:
The attacks collectively exposed thousands of government emails and penetrated some of the most sensitive corners of the federal bureaucracy.
The letter cites internal reporting that Microsoft employees had warned for years about the “Golden SAML” vulnerability later exploited in the SolarWinds attack. It also references a March 2024 Cyber Safety Review Board report that described Microsoft’s security culture as “inadequate” and attributed the Storm-0558 breach to a “cascade of avoidable security failures.”
Six Other Former Officials Named
Beyond Monaco, the complaint names six additional former officials who moved into Microsoft or Microsoft-adjacent roles:
The AAF argues that the collective movement of these officials into roles at or connected to Microsoft raises serious questions about potential conflicts of interest and compliance with federal post-employment restrictions — commonly known as revolving-door rules.
No Accusations of Misconduct — But Questions Remain
The foundation was careful to say it is not accusing any individual of specific wrongdoing. Instead, it argued that the “cumulative public record raises questions” serious enough to warrant a formal review by DOJ inspectors and the department’s Civil Division.
The request lands as Microsoft faces intensifying scrutiny in Washington over the security of products embedded across virtually every federal agency — and over the increasingly porous boundary between Silicon Valley’s biggest contractors and the senior national security officials meant to oversee them.
The revolving door between government cybersecurity roles and the private sector is not new, but the scale and seniority of the officials named in this complaint — combined with the severity of the breaches under review — makes the AAF’s request difficult for the DOJ to dismiss without explanation.