As per reports, though customers weren’t aware that their personal details were being compromised, Indian banks were. The RBI has sought a response from the banks’ audit committees and has also flagged the data sharing by the service provider in its Risk Assessment Report (RAR).

The RBI stated, “All the mailboxes had been migrated to office 365 Microsoft cloud environment. It was gathered from the Microsoft transparency hub that Microsoft is bound to share customers’ data under US Foreign Intelligence Surveillance Act (FISA) and US national security letters as and when required by the US authorities.”

The report said Microsoft had disclosed information on at least 3,036 occasions after more than 4,000 government requests or legal demand requests for Indian customers in the US. Reportedly, banks have entered a deal with Microsoft regarding the data sharing of their customers wherein the latter will only share the bank customers’ data if the order was issued by the Indian government or an Indian court.

As reported by Microsoft, more than 100 million people use Office 365 commercial. Citing privacy as their foremost concern, Microsoft spokesperson told DNA Money, “No government has direct access to any of our users’ data. Data privacy is a top priority for us. We never provide customer data unless we receive a legally valid warrant, order or subpoena about specific accounts or individual identifiers that we have reviewed and considered legally appropriate and consistent with the rule of law and our Microsoft principles.”

“Absent extraordinary circumstances, in the vast majority of cases we redirect governments to seek data directly from commercial customers or to allow us to tell our commercial customers when the government seeks their data.”