SharePoint Online Data Breaches: What Happened in July 2025 and How to Protect Your Business
In July 2025, news headlines buzzed about a major security breach involving Microsoft SharePoint, the popular collaboration and file-sharing platform used by businesses of all sizes. Hackers exploited a previously unknown vulnerability, leading to data breaches at hundreds of organizations worldwide. If you’re a small business owner using SharePoint Online (part of Microsoft 365), you might be wondering what exactly happened and whether your company is at risk. In this article, we’ll break down the SharePoint breach in plain English: what SharePoint Online is, what went wrong in the July 2025 incident, how Microsoft responded, and why you should care even if your business wasn’t directly affected. Most importantly, we’ll offer practical tips to help you protect your data on platforms like SharePoint Online. Consider this your friendly guide to staying secure while enjoying the benefits of cloud collaboration. Let’s dive in!
What Is SharePoint Online (In Plain English)?
Think of Microsoft SharePoint Online as an internal company website and file cabinet all rolled into one, hosted in the cloud. It’s a part of the Microsoft 365 suite that lets your team store, organize, and share information and documents with each other securely over the internet. In non-technical terms, SharePoint Online provides a place where you can create sites for different projects or departments, upload and manage files, and collaborate with colleagues or clients in real time. Instead of emailing documents back and forth, everyone can work off the same files in SharePoint from any device. Microsoft itself describes SharePoint as “a cloud-based service [where] businesses can create sites to store, access, organize, and share information and documents with your business partners, colleagues, and customers”. In short, it’s a digital hub for teamwork, from sharing Word docs and Excel spreadsheets to posting company announcements or tracking project tasks. SharePoint Online is popular with small businesses because it’s hosted by Microsoft (online), which means you don’t have to maintain a server, and because it integrates with tools like Teams, Outlook, and OneDrive for a seamless productivity experience.
What Happened in the July 2025 SharePoint Breaches?
In mid-July 2025, a serious security vulnerability in Microsoft SharePoint made global headlines. Hackers discovered a flaw (technically known as CVE-2025-53770, a critical “zero-day” vulnerability) in SharePoint’s software that allowed them to break into SharePoint servers without even needing a username or password. In essence, this bug let attackers run their own code on a SharePoint server and take full control of it, gaining access to all the data stored within. It was rated extremely severe (9.8 out of 10 on the official severity scale), and unfortunately, it was being actively exploited before anyone even knew the vulnerability existed.
The result was a massive breach campaign targeting organizations around the world. Over a single weekend, roughly 100 organizations were initially compromised. And that was just the beginning: within days the number of victim organizations ballooned. By July 23, cybersecurity researchers reported at least 400 organizations had been hit by these SharePoint attacks. (The true number could be even higher, as one expert noted the count was likely an underestimation.) This was not a minor incident; it was widespread and indiscriminate, affecting companies and agencies across the U.S., Europe, and Asia. An internal government memo described it as a global campaign impacting “government agencies, businesses, universities and other organizations” worldwide.
So, what did the attackers actually do? In most cases, they used the SharePoint flaw to steal sensitive data (a classic cyber-espionage scenario). The U.S. National Institutes of Health (NIH) and even the agency that maintains America’s nuclear weapons stockpile were among the high-profile victims. (Thankfully, no classified information was compromised at the nuclear agency, according to officials.) Once hackers had control of a vulnerable SharePoint server, they essentially had the keys to the kingdom: they could read, download, or exfiltrate any information stored on that SharePoint site. A warning from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) underscored how serious this was: attackers could get “full access to information being exchanged on the SharePoint systems,” including file contents and even login credentials stored on the server. In other words, anything your team had saved or shared on an affected SharePoint could be up for grabs.
To make matters worse, some hackers didn’t stop at stealing data. Microsoft reported that one group of attackers (which Microsoft codenamed “Storm-2603”) began deploying ransomware on breached SharePoint servers. Ransomware is malicious software that encrypts your files and holds them hostage until a ransom is paid. By late July, Microsoft said this group was using the SharePoint bug to unleash a strain called “Warlock” ransomware on victims’ networks. That’s a nightmare scenario for any organization: not only could intruders quietly snoop through your documents, but they might also suddenly lock up all your data and demand money to restore it. What started as an espionage campaign had escalated into a full-blown cyberattack crisis, blending spying and extortion.
It’s important to note that these breaches primarily affected on-premises SharePoint Server installations, meaning the companies or agencies hit were running SharePoint on their own servers. If you’re using SharePoint Online (the cloud version), you actually lucked out in this incident. The vulnerabilities being exploited did not impact SharePoint Online in Microsoft 365. In fact, one breached government agency noted it avoided greater damage because it had migrated much of its workload to Microsoft’s cloud; only the older self-hosted SharePoint systems were vulnerable. We’ll talk more in a moment about why cloud services like SharePoint Online were safer here. But the key takeaway from the July 2025 saga is that a critical bug in SharePoint’s software opened a door for hackers, leading to a rapid, worldwide wave of breaches. No matter the size of the organization, from small businesses to federal agencies, anyone running an unpatched SharePoint server was a potential target.
How Did Microsoft Respond to the Breach?
As soon as Microsoft got wind of these attacks, they sprang into action to contain the damage. In fact, the timeline is a bit complicated: Microsoft had actually released a security patch in early July 2025 to fix the SharePoint vulnerability, but it later turned out that this initial patch didn’t fully close the hole. Once attackers found a way to bypass that fix and started infiltrating servers en masse, Microsoft faced a crisis situation. Here’s what they did next:
- Public Alerts and Guidance: On July 19, 2025, Microsoft publicly acknowledged “active attacks targeting on-premises SharePoint Server customers” via this vulnerability. The Microsoft Security Response Center (MSRC) issued an urgent blog post with customer guidance. Microsoft made it clear that they had identified the issue and were working on a complete fix. They also emphasized an important reassurance: “These vulnerabilities apply to on-premises SharePoint Servers only. SharePoint Online in Microsoft 365 is not impacted.” In other words, the cloud users were safe from this particular flaw, while anyone running their own SharePoint server needed to act immediately.
- Emergency Patches: Microsoft quickly developed and released new security updates to fully address the SharePoint bugs. By July 20-21, they had issued patches for all supported versions of SharePoint Server (2016, 2019, and the Subscription Edition) that actually worked to close the vulnerability. A Microsoft spokesperson admitted that the initial fix was incomplete but confirmed that these further patches “resolved the issue”. In total, Microsoft ended up publishing three rounds of updates in July to stomp out the exploit completely. This was essentially an out-of-band emergency fix: they didn’t wait for the next monthly cycle but pushed updates as soon as they were ready because of the ongoing attacks.
- Collaboration with Security Agencies: Microsoft worked closely with government cyber agencies (like CISA in the U.S.) and industry partners to spread the word and help affected customers. CISA put out alerts urging organizations to install Microsoft’s updates and even released a script to detect signs of compromise. Microsoft also shared technical details (Indicators of Compromise, attacker techniques, etc.) through its threat intelligence blog to help IT professionals hunt for any breach activity. The goal was to not only patch systems but also enable companies to check if hackers had already been in their SharePoint.
- Mitigations and Hardening: In their guidance, Microsoft outlined steps beyond just patching. They advised SharePoint admins to do things like rotate certain encryption keys, enable antivirus and an endpoint protection tool (such as Microsoft Defender for Endpoint), and turn on an optional security feature in SharePoint called AMSI (Antimalware Scan Interface) for extra defense. For a small business using SharePoint Online, you don’t have to worry about those specific server settings (Microsoft handles much of that in the cloud), but it shows how Microsoft left no stone unturned in helping customers lock down any remaining vulnerabilities.
Microsoft’s swift response, especially once the scope of the attack became clear, drew praise, but the situation also highlighted a lesson: patches need to be 100% effective. In this case, a partial fix left a crack open for hackers to exploit. The good news is that by late July 2025, Microsoft had fully patched the SharePoint flaw. If your systems were updated, the immediate threat was neutralized. Microsoft also pointed out (and security experts echoed) that companies on SharePoint Online were unaffected by the bug, underlining the value of cloud-hosted services that Microsoft can update behind the scenes. As Alex Stamos, a well-known cybersecurity expert, put it during this incident: “Nobody should be running Microsoft on-premise products anymore.” His blunt point was that cloud services like Microsoft 365 tend to be more resilient against these kinds of threats, because they are maintained and secured by the provider (Microsoft) in real time. While that might be an over-generalization, it certainly rings true in this case: the small businesses using SharePoint Online dodged this bullet entirely.
Why Should Small Businesses Care If They Weren’t Hit?
At this point, you might be thinking: “Okay, a bunch of big organizations got hacked via SharePoint. But we use SharePoint Online, and Microsoft fixed the problem. So are we in the clear?” It’s true that if your company was on SharePoint Online (the cloud) rather than hosting a SharePoint server in-house, you were not directly affected by the July 2025 vulnerability. However, there are several reasons small and mid-sized businesses (SMBs) like yours should still pay close attention to incidents like this:
- Security Incidents Can Happen to Anyone: The July 2025 attacks cast a wide net: they hit government agencies, universities, large enterprises, and likely some smaller firms as well. The hackers weren’t specifically targeting only mega-corporations; they were effectively scanning for any vulnerable SharePoint servers. This means if a small business had been running an outdated SharePoint server, they could have easily been among the victims. Cyber criminals often exploit software flaws broadly, without regard for company size. In fact, 43% of cyberattacks are aimed at small businesses, yet many small businesses believe “we’re too small to be on hackers’ radar.” The reality is attackers frequently go after SMBs, precisely because smaller companies tend to have weaker security. Don’t fall into a false sense of security due to size. As one Verizon report bluntly put it, small businesses are target #1 for many cyber criminals.
- Your Data and Reputation are on the Line: Even if you weren’t breached, the incident is a reminder of what’s at stake. Imagine if hackers got into your SharePoint and accessed all your client files, financial records, or proprietary information. For a small business, that kind of data breach can be devastating: it erodes customer trust, might put you in legal hot water (if, say, customer personal data is exposed), and disrupts operations. We often hear about the big breaches on the news, but a lot of smaller companies suffer hacks and many never recover. Studies have found that a majority of small businesses that suffer a serious cyber breach end up going out of business within six months due to the costs and damage incurred. In short, you have a lot to lose if your sensitive business data is compromised. Incidents like the SharePoint breach serve as a wake-up call.
- Cloud Services Are Safer – But Not Infallible: Yes, using cloud-based services like SharePoint Online gave users a layer of protection in this case. Microsoft’s cloud had the benefit of not being affected by this particular bug, and Microsoft manages the infrastructure and security updates for you. However, “not affected by this bug” doesn’t mean “impossible to breach.” No system is 100% safe. Misconfigurations (like setting the wrong sharing permissions) or stolen user credentials can still lead to a data leak in any cloud platform. And while Microsoft and other cloud providers do a great job securing their services, new vulnerabilities can emerge. Today it was SharePoint on-premises; tomorrow it could be a different part of the Microsoft 365 cloud that has a flaw. Smart business owners remain vigilant and invest in good security practices even for cloud apps. Think of it like living in a secure apartment building: the landlord (Microsoft) provides strong locks and security guards, but you still need to lock your own door and not hand your keys to strangers.
- Supply Chain and Partners: Another consideration: even if your company wasn’t directly hit, some of your partners or suppliers might have been. For example, let’s say you’re a small consulting firm that collaborates with a larger client via SharePoint. If that client’s SharePoint was breached, documents you shared with them might be exposed. Or if you outsource HR or accounting to a provider that uses SharePoint, their breach could leak your employee or financial data. We increasingly operate in interconnected ecosystems where a breach at one organization can impact others. So it’s important to assess not just your own systems, but also stay informed about incidents affecting key partners. It might prompt you to change a password or revoke a shared access link as a precaution.
- Lessons Learned (Preparation Pays Off): Lastly, events like the SharePoint breach highlight how crucial it is to have a proactive security posture. Businesses that had strong patch management (applying updates quickly) or that had moved to the cloud fared much better in this incident. Those caught unprepared were scrambling. Only 14% of small businesses feel they are adequately prepared to defend against cyberattacks, which means far too many are reactive (patching only after news of a breach, not before) or unaware of their vulnerabilities. By caring about these issues now, you can avoid being the “low-hanging fruit” for the next attack. It’s much less painful to implement good security upfront than to deal with the fallout of a data breach later.
In short, small business owners should care about the SharePoint breach because it underscores a broader truth: cybersecurity is now a vital part of running a business, no matter your size. The incident demonstrates how a single software flaw can have worldwide consequences, and it reinforces the need for vigilance, updates, and strong safeguards. The good news is there are clear steps you can take to dramatically lower your risk, which brings us to our next section.
Practical Tips for Protecting Your Data on SharePoint (and Other Cloud Platforms)
The SharePoint Online platform is a powerful tool for productivity, but like any tool, you need to use it safely. The July 2025 breach may have you wondering, “What can I do to make sure our data is secure?” The great thing about Microsoft 365 and SharePoint Online is that Microsoft handles a lot of security in the background, but not all of it. You, as the business owner or administrator, still control critical security settings and practices for your users. Here are some practical, non-technical steps to help protect your company’s data on SharePoint Online (and really any cloud service):
- Keep Everything Updated: This might sound obvious if you’re in the cloud, since Microsoft updates Office 365 apps automatically. But ensure that all your users are running the latest Office apps and that their devices (PCs, phones) get regular security updates. If you use any third-party add-ons with SharePoint or integrate it with other software, keep those updated too. For those few services you might still run on-premises, apply patches as soon as they’re available. The SharePoint breach taught us that delaying updates can be costly; hackers often exploit known vulnerabilities very quickly. The faster you update, the smaller your window of exposure.
- Use Strong Passwords and Multi-Factor Authentication (MFA): User accounts are the front door to your SharePoint data. Make sure that door is well locked! Require your employees to use strong, unique passwords for their Microsoft 365 accounts: no “Summer2023!” or other easy guesses. Even better, enable multi-factor authentication for all users. MFA means that even if an attacker somehow steals a password, they still can’t log in without the second factor (like a code on the user’s phone). According to the U.S. SBA, using MFA and other basic practices like strong passwords are “musts” for every small business. Microsoft 365 has built-in MFA options; turn them on. It’s one of the simplest and most effective ways to prevent unauthorized access to your SharePoint and email accounts. (Most hacking incidents start with a compromised password, so this is huge.)
- Review and Limit Access Permissions: One big advantage of SharePoint is the ability to control who sees what. Take some time to audit your SharePoint sites and folders. Does every employee have access to everything, or only what they truly need for their job? Following the principle of least privilege is key: give each user the minimum access necessary. For example, your HR files site probably should only be accessible to the HR team, not the whole company. In SharePoint Online you can set permissions at the site, folder, or document level. Also be cautious with external sharing: if you share a document with people outside your organization, use the setting that requires specific people to log in (rather than an open “anyone with the link” link, unless it’s truly intended to be public). Microsoft provides tools like sensitivity labels and external sharing controls to help manage this. By tightening permissions, you reduce the impact if any single account is compromised: the hacker would hit a wall when trying to access data beyond that account’s authority.
- Monitor Your SharePoint and Office 365 Security Alerts: Microsoft 365 has a Security Center that can alert you to unusual activities, such as many files being downloaded at once, or a login from an unfamiliar location. Make sure those alerts are configured and that someone in your team actually reviews them. For a small business, you might not have a dedicated IT security staff, but at least designate an “owner” for security notifications (maybe your IT-savvy office manager or an external IT provider). If you get an alert that a user account has suspicious activity (for instance, logging in from Russia at 3 AM when you only operate in South Carolina), don’t ignore it. Investigate and take action (you can force a password reset, etc.). Early detection of a possible breach can save you from a disaster. Microsoft’s tools can even automatically disable an account that looks compromised, but you need to set up things like that in the security settings. So, spend an hour clicking through your Microsoft 365 security dashboard; it’s time well spent.
- Back Up Your Data (Yes, Even Cloud Data): Microsoft SharePoint Online keeps multiple copies of your files and has version history, recycle bins, and retention policies. That’s great, but it’s also wise to have your own backup plan. Consider periodically exporting critical documents or using a third-party backup service for Office 365 that archives your SharePoint/OneDrive data. This protects you in scenarios like ransomware (where files might get encrypted, though Microsoft’s built-in version history can often help restore them), or simply human error (someone deletes a bunch of files they shouldn’t have). Many small businesses assume the cloud is infallible; while Microsoft’s infrastructure is extremely reliable, having data backups is a core part of good security hygiene. It ensures that even if something goes wrong, whether it’s a breach, malware, or technical glitch, you can recover quickly with minimal downtime.
- Educate Your Team and Watch Out for Phishing: Not every attack comes through technical cracks; some come through the front door by tricking your employees. Phishing emails are a common way attackers steal passwords or plant malware. Train your staff to be cautious about emails that ask them to log in to their Microsoft account or click links to SharePoint documents they weren’t expecting. For example, if an employee gets an email saying “Please review this urgent document” with a SharePoint link, they should verify it’s legitimate (maybe the hacker is sending a fake SharePoint login page to snag their password). Regular short training or even simple reminders can build a culture of skepticism for unexpected requests. Encourage employees to report anything odd; it’s better to check and be safe. Remember, one careless click by one person can potentially compromise your whole SharePoint. Human vigilance is as important as any tech measure.
- Leverage Built-in Security Features: Make sure you’re taking advantage of the security features your Microsoft 365 subscription includes. For instance, Microsoft Defender for Office 365 can scan links and attachments for threats (protecting against known malware or phishing links). SharePoint has an option called “access control policies” where you can enforce things like MFA or block access from unmanaged devices. If you have sensitive data, you might use data loss prevention (DLP) policies or sensitivity labels to prevent accidental sharing of, say, customer SSNs or credit card numbers. These tools might sound fancy, but many are included even in business subscriptions and can be configured without a PhD in security. An IT consultant or your managed service provider can help you set them up in an afternoon. It’s like getting extra door locks installed: a one-time effort for ongoing peace of mind.
- Consider Professional Help (Managed IT Services): If all of the above sounds overwhelming or you simply don’t have time, that’s completely understandable; you’re busy running your business! This is where partnering with a trusted IT provider or Managed Service Provider (MSP) can make a huge difference. An MSP (like Bristeeri Technologies) can handle the nitty-gritty of cybersecurity for you: keeping your systems patched, monitoring for threats 24/7, managing backups, and training your staff. We stay on top of incidents like the SharePoint breach and ensure that our clients are protected long before (or immediately after) such threats emerge. Think of it as having a dedicated IT security team on call, but at a fraction of the cost of hiring full-time staff. The right partner will not only fix problems but also proactively harden your defenses so you can sleep easier. In today’s threat landscape, many small businesses find that outsourcing their IT security is the most cost-effective way to get robust protection without diverting focus from their core work.
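For readers who want to see what the permissions and monitoring tips above look like in practice, here is an added example (written for this article, not a Microsoft tool and not part of any product). It reads exported Microsoft 365 audit records and flags two things the tips mention: files shared through an “anyone with the link” link, and one account downloading many files at once. The one-JSON-object-per-line layout, the sample users, IPs and paths, and the 5-downloads-in-10-minutes threshold are assumptions made for the example.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: one JSON object per line, using field names found in
# Microsoft 365 audit records. Users, IP addresses and file paths are made up.
SAMPLE_AUDIT_JSONL = """
{"CreationTime":"2025-07-21T09:15:00","Operation":"FileAccessed","UserId":"pat@example.com","ClientIP":"198.51.100.7","ObjectId":"/sites/hr/handbook.docx"}
{"CreationTime":"2025-07-21T09:40:00","Operation":"FileDownloaded","UserId":"pat@example.com","ClientIP":"198.51.100.7","ObjectId":"/sites/hr/handbook.docx"}
{"CreationTime":"2025-07-21T11:05:00","Operation":"AnonymousLinkCreated","UserId":"pat@example.com","ClientIP":"198.51.100.7","ObjectId":"/sites/finance/payroll.xlsx"}
{"CreationTime":"2025-07-21T15:30:00","Operation":"FileDownloaded","UserId":"pat@example.com","ClientIP":"198.51.100.7","ObjectId":"/sites/hr/policy.docx"}
{"CreationTime":"2025-07-22T03:01:10","Operation":"FileDownloaded","UserId":"sam@example.com","ClientIP":"203.0.113.50","ObjectId":"/sites/clients/a.pdf"}
{"CreationTime":"2025-07-22T03:01:40","Operation":"FileDownloaded","UserId":"sam@example.com","ClientIP":"203.0.113.50","ObjectId":"/sites/clients/b.pdf"}
{"CreationTime":"2025-07-22T03:02:05","Operation":"FileDownloaded","UserId":"sam@example.com","ClientIP":"203.0.113.50","ObjectId":"/sites/clients/c.pdf"}
{"CreationTime":"2025-07-22T03:03:30","Operation":"FileDownloaded","UserId":"sam@example.com","ClientIP":"203.0.113.50","ObjectId":"/sites/clients/d.pdf"}
{"CreationTime":"2025-07-22T03:04:55","Operation":"FileDownloaded","UserId":"sam@example.com","ClientIP":"203.0.113.50","ObjectId":"/sites/clients/e.pdf"}
"""


def parse_records(text):
    """Parse JSON-lines audit text, skipping blank or damaged rows."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            rec["CreationTime"] = datetime.fromisoformat(rec["CreationTime"])
        except (ValueError, KeyError, TypeError):
            continue  # one bad row should not stop the whole review
        records.append(rec)
    return records


def find_anonymous_links(records):
    """Return (time, user, file) for every 'anyone with the link' share created."""
    return [(r["CreationTime"], r.get("UserId"), r.get("ObjectId"))
            for r in records if r.get("Operation") == "AnonymousLinkCreated"]


def find_download_bursts(records, threshold=5, window=timedelta(minutes=10)):
    """Flag users whose busiest `window` holds at least `threshold` downloads."""
    by_user = defaultdict(list)
    for r in records:
        if r.get("Operation") == "FileDownloaded":
            by_user[r.get("UserId")].append(r["CreationTime"])
    bursts = []
    for user, times in by_user.items():
        times.sort()
        best, best_start, lo = 0, None, 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # slide the window's left edge forward
                lo += 1
            if hi - lo + 1 > best:
                best, best_start = hi - lo + 1, times[lo]
        if best >= threshold:
            bursts.append({"user": user, "downloads": best, "window_start": best_start})
    return sorted(bursts, key=lambda b: b["user"])


if __name__ == "__main__":
    recs = parse_records(SAMPLE_AUDIT_JSONL)
    for when, user, path in find_anonymous_links(recs):
        print(f"Open link: {user} shared {path} at {when}")
    for b in find_download_bursts(recs):
        print(f"Download burst: {b['user']} pulled {b['downloads']} files "
              f"starting {b['window_start']}")
```

Anything the script flags is a prompt to look closer, for example by revoking the open link or checking with the user, rather than proof of a breach.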
By implementing the steps above, you’ll drastically reduce your risk of falling victim to a breach, whether it’s a targeted attack or an opportunistic exploit like the SharePoint 2025 incident. Security is never “set it and forget it,” but these practices become second nature once you integrate them into your business routine. And the payoff is huge: you get to enjoy the productivity benefits of tools like SharePoint Online without constantly worrying about the next cyber nightmare.
Stay Secure and Let Us Help You Navigate the Cloud
The SharePoint breaches of July 2025 were a stark reminder that even the most trusted platforms can have vulnerabilities. However, with the right approach, small businesses can absolutely continue to use cloud tools like SharePoint Online safely and confidently. Microsoft has learned from this incident, patched the flaws, and reinforced their systems, and countless organizations (especially those on Microsoft 365) came through unharmed. The key for all of us is to stay informed and proactive. By understanding what happened and applying the lessons and tips outlined above, you’re taking control of your company’s cybersecurity future rather than reacting to the past.
At Bristeeri Technologies, we’re passionate about helping businesses in Columbia, SC and beyond thrive with technology, safely. We know that news of breaches can be unsettling, but you don’t have to navigate these challenges alone. If you have any concerns about your SharePoint or Microsoft 365 security, or you simply want to ensure you’re following best practices, reach out to us for help. We invite you to contact Bristeeri Technologies for a free consultation about securely using SharePoint and other cloud services. We’ll evaluate your current setup, discuss your needs, and help you implement the right safeguards so that your data remains protected against threats.
Don’t let the headlines keep you up at night. With the right partner and proper precautions, you can enjoy all the productivity benefits of SharePoint Online while keeping your business’s information locked down. Ready to bolster your cloud security? Give us a call or drop us a line to schedule your free consultation. We’re here to help your small business leverage technology with peace of mind, so you can focus on what you do best. Here’s to working smarter, staying secure, and moving forward confidently even in the face of cyber threats!