A Democratic lawmaker is calling on federal agencies to hold Microsoft accountable for “negligent cybersecurity practices” that played part in a Chinese hacking campaign that targeted U.S. government email addresses.

Sen. Ron Wyden (D-Ore.) wrote a letter to the heads of the Department of Justice, Federal Trade Commission, and Cybersecurity and Infrastructure Security Agency (CISA) on Thursday imploring the agencies to investigate the incident that came to light earlier this month. CISA and the Federal Bureau of Investigation on July 12 published a joint advisory regarding unexpected events observed in Microsoft 365 audit logs.

In a July 14 blog, Microsoft explained a China-based threat actor with espionage objectives “used forged authentication tokens to access user email from approximately 25 organizations, including government agencies and related consumer accounts in the public cloud.” The company said it identified the issue in June and has since disrupted the malicious activities.