Former officials from the Biden administration are facing allegations of overlooking cybersecurity failures by major tech companies, only to later secure lucrative positions or deals with those same firms.
The National Accountability Foundation, which focuses on government oversight and research, has urged the Justice Department to investigate Microsoft and several officials from the Biden administration in a letter sent on Tuesday.
Among those referenced in the correspondence is Lisa Monaco, the former Deputy Attorney General. Her career decisions post-administration caught the eye of President Trump back in September 2025.
Trump expressed his concerns, calling Monaco “corrupt” and criticizing her hiring as Microsoft’s global president, a role that provides access to sensitive information. He deemed her a potential threat to national security, considering Microsoft’s substantial contracts with the government.
The AAF has suggested that Monaco’s role at Microsoft raises potential issues, especially since she once launched a cyber fraud initiative aimed at holding contractors accountable for misrepresenting cybersecurity risks. Interestingly, there were numerous cases brought against various companies, but none against Microsoft.
This inaction is particularly puzzling, given the multiple cybersecurity breaches Microsoft endured from 2019 to 2023, which posed significant risks to the U.S. government.
AAF highlighted that these breaches affected various critical departments, leading to the theft of tens of thousands of government emails.
One notable attack linked to Microsoft was the SolarWinds incident, which allegedly took advantage of a flaw in Microsoft’s Active Directory Federation Services. Reports suggest that Microsoft was aware of this flaw but hesitated to fix it for fear of losing billions in federal contracts.
In a 2021 statement, Microsoft’s former president claimed that Congressional investigations found no vulnerabilities in their products exploited in the SolarWinds attack.
While some Biden officials attempted to hold Microsoft accountable, the efforts appears to have lacked real consequences.
The Cyber Security Review Board, established by former Secretary of Homeland Security Alejandro Mayorkas, noted another attack in May 2023, which was attributed to hackers linked to Beijing. It pointed to a series of avoidable errors on Microsoft’s part.
Despite the apparent negligence, Microsoft has faced no substantial repercussions.
According to the National Accountability Foundation, the situation demonstrates the type of conduct their initiative was designed to address, but to date, no investigations into Microsoft under the False Claims Act have been initiated. In contrast, other companies with seemingly lesser issues have faced scrutiny.
Besides Monaco, the AAF also raised concerns about several other officials from the Biden administration, including:
- Brian Borndran, who formerly served as the deputy director of the FBI’s Cyber Division and was part of the Cybersecurity Review Board. He left to join Microsoft as deputy chief information security officer in June 2025.
- Jerry Davis, a member of the CSRB, who became Microsoft’s chief security advisor shortly after the Board’s report highlighted inadequacies in Microsoft’s security practices.
- Robert Joyce, the former director of the NSA’s Cybersecurity Bureau, who started a cybersecurity firm after leaving the NSA and proposed Microsoft as a client.
The AAF stated that federal ethics guidelines restrict government employees from participating in matters where they hold financial interests and require a cooling-off period before they can represent private entities to former agencies.
While the AAF did not claim any specific laws were broken, they believe an investigation is justifiable.
A spokesperson for the Justice Department asserted their commitment to tackling fraud and protecting taxpayer funds, encouraging anyone with reliable information to come forward.
