Microsoft SharePoint Cyber Attacks – Class Action Investigation

Ahdoot Wolfson is closely monitoring developments concerning the recently announced cyberattacks involving Microsoft SharePoint. 

According to public reporting, Microsoft failed to adequately secure its SharePoint software, leading to widespread cyber attacks by state-sponsored and other threat actors, including Linen Typhoon, Violet Typhoon, and Storm-2603. These attacks resulted in unauthorized access, data theft, ransomware deployment (including Warlock ransomware), and significant financial and operational damages. The attacks reportedly exploited zero-day vulnerabilities collectively being called “ToolShell” (CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771).

Businesses, government agencies, and other organizations worldwide using on-premises Microsoft SharePoint Server (2016, 2019, or Subscription Edition) may have experienced data breaches, ransomware attacks, or system compromises between July 7, 2025 and the present due to these vulnerabilities. Security company EyeSecurity first spotted the flaw, and initially confirmed that at least 400 SharePoint servers (i.e., 400 entities) were compromised. Customers and consumers who patronize these entities may also be impacted by the attacks.

If you or your organization was affected by the recent Microsoft SharePoint cyber attacks, our firm would like to hear from you. Please fill out the form below and our lawyers will contact you for a free consultation.