Tens of thousands of emails were stolen from US State Department accounts by Chinese hackers who exploited Microsoft’s email system earlier this year, a Senate staffer told Reuters on Wednesday.

The staff member, who was present at an earlier Wednesday briefing of State Department IT personnel, claimed the officials informed senators that 60,000 emails had been stolen from 10 separate State Department accounts. Even though the victims were not identified, he added that all but one were engaged in work related to East Asia and the Pacific.

Since May, email accounts at about 25 institutions, including the US Commerce and State Departments, have been compromised, according to US officials and Microsoft. The scope of the compromise is still unknown.

An already fragile relationship between the two nations has further worsened by US accusations that China was responsible for the breach. Beijing has refuted the accusations.

According to the Wednesday briefing, the State Department employees whose accounts were compromised mainly worked on Indo-Pacific diplomatic initiatives, and the hackers also got their hands on a list of all the department’s correspondence.

The massive attack has brought back into focus Microsoft’s disproportionate contribution to the US government’s IT needs. According to the officials at the briefing, the State Department has started transitioning to “hybrid” settings with numerous vendor businesses and boosted acceptance of multi-factor authentication as part of attempts to defend its systems.

The hackers compromised a Microsoft engineer’s device, which allowed them to breach the State Department’s email accounts, according to the briefing.

Microsoft earlier this month said that a hack of senior officials at the US State and Commerce Departments stemmed from the compromise of a Microsoft engineer’s corporate account. “We need to harden our defences against these types of cyberattacks and intrusions,” Schmitt said in a statement shared by the staffer in an email to Reuters following the briefing. “We need to take a hard look at the federal government’s reliance on a single vendor as a potential weak point,” he said.

A Microsoft spokesman did not have an immediate comment on the Senate briefing. The company, which has faced criticism over its security practices since the breaches, has said that the hacking group behind them – dubbed Storm-0558 – had broken into webmail accounts running on the firm’s Outlook service.