Published in News

Microsoft scrambles to fix Copilot's privacy blunder

by on22 November 2024


A little too much oversharing

Microsoft's Copilot tool has inadvertently allowed customers to access sensitive information, including CEO emails and HR documents.

The software king of the world is now working to rectify the situation by deploying new tools and guidelines to address these privacy concerns.

In a blueprint for Microsoft's 365 productivity software suite, the company stated that these updates are designed "to identify and mitigate oversharing and ongoing governance concerns."

Copilot's functionality, which allows it to create detailed presentations and generate lists of a company's most profitable products, operates by browsing and indexing all internal information, similar to web crawlers used by search engines.

Some IT departments have set up lax permissions for accessing internal documents, often selecting "allow all" for the company's HR software rather than specifying particular users.

This oversight did not pose significant problems until Copilot provided a tool for the average employee to identify and retrieve sensitive documents.

Some customers discovered that Copilot could let employees access executive inboxes or sensitive HR documents.

A Microsoft employee familiar with customer complaints said, "Now when Joe Blow logs into an account and launches Copilot, they can see everything, including the CEO's emails."

The issue has prompted Microsoft to take immediate action to strengthen privacy measures and prevent such oversights from occurring in the future.

Last modified on 22 November 2024
Rate this item
(4 votes)

Read more about: