Microsoft
Microsoft logo Reuters

Financial details of Indian bank customers were compromised after Microsoft routinely shared them with US intelligence agencies, reports DNA Money.

Reserve Bank of India raised the concern in its Risk Assessment Report after data relating to customers, who had accounts with banks who have switched to Microsoft Office 365 cloud-based email service, was shared with intelligence agencies in the US.

Though the customers are not aware of this, the banks in question knew that this was happening.

According to RBI, when the banks purchased and migrated to Office 365, they became aware that Microsoft might be leaking their customers' information to third parties.

Microsoft transparency hub states that the company is bound to share customers' data under the US Foreign Intelligence Surveillance Act (FISA) and US national security letters as and when required by US authorities.

RBI reports show that from 2014 to 2016, Microsoft disclosed information on 3,036 occasions after more than 4,000 requests from US authorities about information relating to Indian customers in the US.

Banks and Microsoft have a deal about sharing their customers' data but Microsoft can only share the data further through an order issued by the Indian government or an Indian court.

According to cyber experts, India needs to put in place stringent laws to curb such practices as preserving consumer information, specifically financial information, is extremely important in today's digital world.

Supreme Court guidelines state that intermediary tech companies should not share data with third parties or take it out of the country. But IT companies flout regulations by finding multiple loopholes citing technological implementation.

In its response, Microsoft said that no government has direct access to its users' data and such is only shared when there is legal backing for the same. And, in a majority of the cases, the company asks the government to seek data directly from customers.